Shaarli export of all bookmarks on Sat, 03 Feb 24 17:10:28 -0500
- Rook to XSS: How I hacked chess.com with a rookie exploit
- Faction: Open-source pentesting report generation and collaboration framework - Help Net Security
- Understand Linux Shell and Basic Shell Scripting - Part 1
- 5 Useful Shell Scripts for Linux Beginners - Part 2
- Learn Practical BASH Scripting Projects - Part III
- Japan will no longer require floppy disks for submitting some official documents
- Vagrant on Windows: Simplifying Dev Environment Configuration
- Tips for Vagrant on Windows - /* steve jansen */
- Dracut emergency! LVM label missing after fdisk catastrophe | Technical Prose
- Throughput vs Latency: The Yin and Yang of Software Performance - Geeks with Blogs
- API security in 2024: Predictions and trends - Help Net Security
- Mailtrap Service Review: Pros and Cons - Geeks with Blogs
- Proxmox and OpnSense Crashing – ZenCoffee Blog – random notes, guides, and thoughts…
- JSON Web Key Sets (JWKS) Ultimate Guide - Geeks with Blogs
- What is a Technical Debt Register Template? - Geeks with Blogs
- This Free App Is The Fastest Way To Get Through U.S. Immigration - foXnoMad
- Why speed tests aren’t always the answer when troubleshooting Wi-Fi networks | The Packetologist
- 2024-01-21 multi-channel audio part 1
- NSA admits to buying Americans’ web browsing data from brokers without warrants
- Soo, you got access to Copilot, now what? Here are some best practices – msunified.net
- ere
- How to properly decommission a VMware ESXi Host - The Tech Journal
- Packer - Use the SSH communicator for Windows images - ivobeerens.nl
- Five Truths in Veeam's 2024 Data Protection Trends Report - The things that are better left unspoken
- Backups still matter in 2024!
VMs are only 25% of the problem
74% of enterprise organizations back up Microsoft 365 data
Recovery test results are in – and sobering…
"only 32% of organizations can recover a 50-server site within a business week. "
54% of organizations are very likely to change backup solutions in 2024
- AWS Weekly Roundup—Amazon Route53, Amazon EventBridge, Amazon SageMaker, and more – January 15, 2024 | AWS News Blog
-
- Book Recommendations from the AWS Enterprise Strategy Team | AWS Cloud Enterprise Strategy Blog
- Locating Leviathan Files in Linux | Linux Journal
- du -h --max-depth=1 /var | sort -hr | head -10
- Understanding System Log Management Using Logrotate | Linux Journal
- Migrate Red Hat AAP or AWX to Ascender with Automation | Greg Sowell Saves The World
- Passing Ansible Variables In Workflows Using set_stats | Greg Sowell Saves The World
- When is a client problem also an AP problem? | The Packetologist
- Build your own container on Linux | Opensource.com
- Fabric - Run Shell Commands Remotely Over SSH in Linux
- Agile Principles in Software Development – Business
- AlmaLinux Becomes More Than Just Another RHEL Clone With 9.3 Release - FOSS Force
- Amazon ECS supports a native integration with Amazon EBS volumes for data-intensive workloads | AWS News Blog
- The FDA has reportedly approved an AI product that predicts cognitive decline
- De-duplicating $PATH
- New Insights for the CASP+ CAS-004 Exam - WyzGuys Cybersecurity
- Edge Browser Refusing a Self-Signed Certificate | Easy Bypass – CubicleNate's Techpad
- That grumpy BSD guy: The 'sextortion' Scams: The Numbers Show That What We Have Is A Failure Of Education
- Your People Are Routing Around Your IT Security
- This tells me that there are a number of things going on, possibly.
The rules are too strict and too inflexible. – Having a website or file storage location that a third party is using to work with your folks, that they can’t get access to means they don’t even bother coming to you anymore. That’s not good.
Your users do not have the proper tools to collaborate with people outside of your environment.
Your impression of how often this kind of thing happens is probably wrong.
- E-Waste Is a Cybersecurity Problem, Too - IEEE Spectrum
- Shegerian: I once had a big, big bank call me up: “John, we’ve had a breach, but we don’t believe it’s phishing or software. We think it came from hardware.” I go out thShegerian: I once had a big, big bank call me up: “John, we’ve had a breach, but we don’t believe it’s phishing or software. We think it came from hardware.” I go out there and it turns out one of their bankers threw his laptop in the trash in Manhattan and someone fished it out. On that laptop was information from the many clients of the entire banking firm—and the bank’s multibillion-dollar enterprise. The liability, the data…God, just absolutely priceless. If it got into the wrong people’s hands, the ransom that could have been extracted was truly of huge magnitude. ere and it turns out one of their bankers threw his laptop in the trash in Manhattan and someone fished it out. On that laptop was information from the many clients of the entire banking firm—and the bank’s multibillion-dollar enterprise. The liability, the data…God, just absolutely priceless. If it got into the wrong people’s hands, the ransom that could have been extracted was truly of huge magnitude.
- Preserving IT Expertise: A Comprehensive Guide to Knowledge Transfer Strategies
- Driven: The Four Drives Underlying Our Human Nature - Driven: How Human Nature Shapes Organizations - HBS Working Knowledge - Harvard Business School
- we all are driven by four biological motivations: acquiring, bonding, learning, and defending.
- Essential Midlife Career Change Frameworks & Mental Models
- tailscale, Magic DNS, proxmox, and LXC | Nelson's log
- OpenSSF Scorecard
- Docker Security - OWASP Cheat Sheet Series
- Container Tools, Tips, and Tricks - Issue #2
- 20 Terraform Best Practices to Improve your TF workflow
- OpenTofu retained all the features and functionalities that had made Terraform popular among developers while also introducing improvements and enhancements. OpenTofu is the future of the Terraform ecosystem, and having a truly open-source project to support all your IaC needs is the main priority.
- Tetragon Cloud Native Security - RodrigTech
- Building OCI Images with Buildah
- GitHub - masonr/yet-another-bench-script: YABS - a simple bash script to estimate Linux server performance using fio, iperf3, & Geekbench
- Cybersecurity Maturity Model Certification Program Proposed Rule Published > U.S. Department of Defense > Release
- HXServers Deadpools Due to ‘IPXO IP Revocation’ - LowEndBox
- Chris's Wiki :: blog/spam/DKIMAloneMeansLittle
- Vx Underground
- Worried about Overfunded 529 Balances? The Half-Time Community College Method — My Money Blog
- examples.el/README.org at master · lujun9972/examples.el · GitHub
- Fix slimy plastic - The Silicon Underground
- Fix 3.5-inch floppy drives with these easy tips - The Silicon Underground
- Using terrascan to detect compliance and security violations -- Prefetch Technologies
- PEStudio: Program analysis for Windows | Born's Tech and Windows World
- DICOM protocol: Millions of patient data accessible unprotected via the Internet | Born's Tech and Windows World
- 21 Examples to Manage Secrets using AWS Secrets Manager CLI
- /etc/hosts and the thousand-characters-long line | The eternal fight between admins and computers
- https://documents.uow.edu.au/~blane/netapp/ontap/nag/networking/concept/c_oc_netw_maintaining_host_file_limits.html
The following are hard limits for the /etc/hosts file:
Maximum line size is 256.
Maximum number of name servers is 3.
Maximum domain name length is 256.
Maximum search domains limit is 6. The total number of characters for all search domains cannot exceed 256.
No file size limit.
- Linux and bad memory | Nelson's log
- LXC by hand | Nelson's log
- Proxmox Linux container sizes (Alpine etc) | Nelson's log
- Managing VMware Infrastructure with Ansible | Windows OS Hub
- Cloning a physical Linux system into a Proxmox VM | Nelson's log
- Database Backups to B2 Using Restic – Stuff I'm Up To
- Vagrant and Ansible – Stuff I'm Up To
- Manage EDI at scale with new AWS B2B Data Interchange | AWS News Blog
- Automatic restore testing and validation now available in AWS Backup | AWS News Blog
- Check your AWS Free Tier usage programmatically with a new API | AWS News Blog
- Use Amazon CloudWatch to consolidate hybrid, multicloud, and on-premises metrics | AWS News Blog
- New Cost Optimization Hub centralizes recommended actions to save you money | AWS News Blog
- 8 Linux Commands: To Find Out Wireless Network Speed, Signal Strength And Other Information - nixCraft
- nmcli dev wifi
- Handout from "Ethical Implications of Generative AI for the Michigan Lawyer" Presentation | DennisKennedy.Blog
- What is RoPA? Records of Processing Activities Explained - Securiti
- Records of Processing Activities
- Privacy in Education: Guide for Parents and Adult-Age Students | Privacy Rights Clearinghouse
- Data
- 2019 Consumer Data Privacy Legislation
- Your Smart TV Knows What You’re Watching – The Markup
- Backing up photos from Android to Debian - P.T.C.
- Make sure to unmount any automated mounts.
gphotofs ~/Camera/mnt
ls -al ~/Camera/mnt
mkdir -p ~/Camera/mnt
mkdir -p ~/Pictures/Camerabackup
cd ~/Pictures/Camerabackup
rsync -av ~/Camera/mnt
fusermount -u ~/Camera/mnt
- GitHub - mrrfv/open-android-backup: Back up your device without vendor lock-ins, using insecure software or root. Supports encryption and compression out of the box. Works cross-platform.
- Introducing the VGHF Digital Library | Video Game History Foundation
- AWS Control Tower adds new controls to help customers meet digital sovereignty requirements | AWS News Blog
- Logging, Monitoring and Observability - Same same, or different? - Cloud for the win!
- (19) vCenter Database (VCDB) 101 | LinkedIn
- (375) Azure Terraform Export Tool - What's New? - YouTube
- Azure Terraform Export Tool formerly called Terrafy
- Patch a VMware ESXI host with the ESXCLI command and choose the right image profile - ivobeerens.nl
- How to Install the vSphere vCenter Root Certificate
- Snap lays off 20 product managers to speed up decision-making
- Running Graylog on Windows | Virtually Fun
- Three new capabilities for Amazon Inspector broaden the realm of vulnerability scanning for workloads | AWS News Blog
- Amazon Inspector introduces a new set of open source plugins and an API allowing you to assess your container images for software vulnerabilities at build time directly from your continuous integration and continuous delivery (CI/CD) pipelines wherever they are running.
Amazon Inspector can now continuously monitor your Amazon Elastic Compute Cloud (Amazon EC2) instances without installing an agent or additional software (in preview).
Amazon Inspector uses generative artificial intelligence (AI) and automated reasoning to provide assisted code remediation for your AWS Lambda functions.
- Improve developer productivity with generative-AI powered Amazon Q in Amazon CodeCatalyst (preview) | AWS News Blog
- Join the preview of Amazon Aurora Limitless Database | AWS News Blog
- Amazon EBS Snapshots Archive is now available with AWS Backup | AWS News Blog
- Charlie Munger CNBC Final Interview 2023: Highlights & Transcript — My Money Blog
- The iron rule of life is everybody struggles.
- A Tribute To Charlie – The Felder Report
- RIP Charlie Munger: Thank You For Sharing Your Wit and Wisdom — My Money Blog
- CCNA Training » CCNA Most Popular Questions
- Chris's Wiki :: blog/linux/ZFSSortingOutPoolFeatures
- New – Block Public Sharing of Amazon EBS Snapshots | AWS News Blog
- New – Manage Planned Lifecycle Events on AWS Health | AWS News Blog
- Microsoft drops SMB1 firewall rules in new Windows 11 build
- Reflecting on 20 years of Windows Patch Tuesday | Windows Experience Blog
- Digital Transformation in the UK Is Propelled by the Cloud – Business
- Setup Harbor Proxy Cache and Harbor Container Webhook to overcome Docker Hub Pull Limits in Kubernetes | viktorious.nl – All things cloud-native
- CI / CD Deployment of Conditional Access Policies for a Zero Trust Architecture Framework using Terraform and GitHub Actions
- What’s new in the Azure Well-Architected Framework - Thomas Maurer
- (335) Terraform On A Dime: Building Azure Infrastructure on a Shoestring Budget with Mark Tinderholt - YouTube
- GitHub - Azure/review-checklists: This repo contains code and examples to operationalize Azure review checklists.
- Data Protection Tips - Next Level SDDC
- Chris's Wiki :: blog/sysadmin/OpenSSHWhatKeysForKeysigning
- Automating Tasks Using Bash Scripts and Cron Jobs with AWS
- Best Practices for Patching VMware vSphere | VMware
- Every car is a smart car, and it's a privacy nightmare
- Researchers posed as foreign actors, and data brokers sold them information on military servicemembers anyway
- Non-interactive SSH password authentication
- Moving to cloud is more than just a purchasing exercise · Major Hayden
- Infracost: The Cloud’s Checkout Screen
- The Art of Writing a Good Root Cause Analysis/Reason for Outage - LowEndBox
- How to run an LLM locally with Arch Linux
- AVX2
- Best Practices for Patching VMware vSphere | VMware
- Terence Luk: Deploy a ChatGPT service with Azure OpenAI Service in 6 minutes with PowerShell
- are NOT available to other customers.
are NOT available to OpenAI.
are NOT used to improve OpenAI models.
are NOT used to improve any Micro
- New Horizons for EL: OpenELA Publishes Package Sources
- Charlie Munger Acquired Podcast Interview w/ Transcript (October 2023) — My Money Blog
- Project Gemini
- GitHub - kr1sp1n/awesome-gemini: A collection of awesome things regarding the gemini protocol ecosystem.
- Techrights — Our Second Month in Our Virtual Private Server
- Losslessly splitting videos by chapter using bash and ffmpeg - Albert Armea
- ffmpeg -i "$SOURCE.$EXT" 2>&1 | grep Chapter | sed -E "s/ *Chapter #([0-9]+\.[0-9]+): start ([0-9]+\.[0-9]+), end ([0-9]+\.[0-9]+)/-i \"$SOURCE.$EXT\" -vcodec copy -acodec copy -ss \2 -to \3 \"$SOURCE-\1.$EXT\"/" | xargs -n 11 ffmpeg
- The US Senate and Silicon Valley reconvene for a second AI Insight Forum
- AHCI vs. NVMe - Phison Blog
- Formatting Terraform Code With the Terraform fmt Command
- How To Use Docker Save Image and Export for Sharing
- How to Read CSV in Python, Write and Append Too
- How to Set up Pi-hole in Docker Container
- WWoIT - Wayne's World of IT: VMware Command-Line Interface commands
- WWoIT - Wayne's World of IT: More useful command-lines
- Peace of Mind with Restic Backup on Linux
- How to Reduce Docker Image Size in Docker Containers
- 10 Top Open Source Artificial Intelligence Tools for Linux
- 1. Deep Learning For Java (Deeplearning4j)
2. Caffe – Deep Learning Framework
3. H20 – Distributed Machine Learning Framework
4. MLlib – Machine Learning Library
5. Apache Mahout
6. Open Neural Networks Library (OpenNN)
7. TensorFlow
8. PyTorch
9. Apache SystemDS
10. NuPIC
- Google ads for KeePass, Notepad++ lead to malware - Help Net Security
- 2023-10-15 go.com
- Four Customers Who Found Out the Hard Way You Need To Backup Your Cloud Data - LowEndBox
- Convert an Existing System to Use Thin LVs - A Random Walk Down Tech Street
- Exchanging SSH keys using ssh-copy-id - A Random Walk Down Tech Street
- Hard Drive Monitoring and E-mail Alerts Using smartd - A Random Walk Down Tech Street
- Mabe
- How to Install Jellyfin Media Server on Debian 12, 11 or 10 - LinuxCapable
- archives.design
- Street Smarts – Cool Tools
- Like many other tools, it’s good to know these options exists, even if you have no plans to use them now. Being aware of what possibilities we have for deep disguise and obsessive privacy is empowering. And of course, if you are trying to find someone, this book has all the tricks they may be using. I learned tons and consider it a bargain education. — KK
Level ThreeThis will almost certainly require a move from your present location. Both your home (or rental property) and you vehicles will be in the names of anonymous limited liability companies (LLCs). Your home address will now be hidden from all but your closest relatives and friends. It will no longer appear on your annual tax returns, or anywhere else. If you follow the directions in chapter 12, “E-mail and the Internet,” your Internet/e-mail connections will be under cover and the black-hat boys and/or law firms may have to pay a PI some truly serious money to track you down. Are you worth that much to them? If not, sleep well.
I learned this one from a FEMA (Federal Emergency Management Agency) agent I met, while staying in a motel that was near a flooded area. Some years ago he bought a $98,995 motor home under another name, and did not license it. (He thus saved not only the license fees and road tax, but an $8,513.57 sales tax as well.) For $12 he got a fifteen-day permit to move it to a rural location in another state. From time to time he moves it, each time getting a temporary permit. Try to find out where this agent actually lives!
Watch For This Sneaky TrickSuppose a private investigator wants to hear you talking to your lawyer (or mistress, or whomever). He may place a conference call, recording every word. Here is how it works. The first call would go to you, and when you answer, the PI punches HOLD and then speed-dials your lawyer. you start saying, “Hello? Hello?” Then your lawyer comes on the line. He recognizes your voice. Each of you may then assume the other person placed the call, and start to chat!
Suppose you wish to send $25,000 from Vancouver, British Columbia, to a friend in Helsinki, Finland. You would hand $25,000 cash to a Vancouver money changer (Hawaladar) in Vancouver, and receive code words (or an agreed signal such as a secret handshake) and a contact address in Helsinki. No actual cash moves out of Canada. Instead, when your friend gives the code to the correspondent Hawaladar in Helsinki, he will receive the equivalent in euros (less a commission) from money that is already there. To review:There are no written documents. The exchanges are based on mutual trust (perhaps for that reason unpopular in the United States?).Only local currencies are used. Thus, if you are sending money from the UK to Mexico, you pay in pounds and the receiver in Mexico collects in pesos.This exchange cannot be traced because no money crosses a border.
Since the IRS treats one-member LLCs as sole proprietorships for tax purposes, there are no income tax consequences. If you use your LLC for a part-time business, for example, you will merely report earnings and expenses on Schedule C and submit it with your 1040 tax return. Repeat: The income – -if any — is listed on your personal tax return. Nowhere on the tax form will the name of your limited liability company appear. As far as the IRS is concerned, your limited liability company is invisible.”How can I prove I own the company,” I’m often asked, “if my name doesn’t appear anywhere?” If privacy is the goal, I recommend New Mexico LLCs because they do not show ownership in the Articles of Organization (which are a public record). The best way to prove ownership, then, is to have the original LLC documents coupled with an operating agreement.
- Beautiful Basics - Series - Malicious Link - Blog by mubix - Rob Fuller
- Hunt | Home
- These 38 Reading Rules Changed My Life - RyanHoliday.net
- Fifty Dangerous Things (you should let your children do) - Let Grow
- China Recon 101 - Google Slides
- Testing a TCP port with curl in Linux | ComputerTechBlog
- Maker’s Muse – Cool Tools
- Revisiting “The Kenny Rogers Rule”
In having done this newsletter for the past 5 years or so, I am frequently asked what are my top-most tips? What are the ones that stick, that “changed my life” (or at least my workflow). I was reminded a few nights ago of one tip that would be at the top of such a list: The Kenny Rogers Rule (as in “You’ve got to know when to hold ’em, Know when to fold ’em, Know when to walk away, Know when to run”). This is a name I came up with years ago for knowing when to take a break from a project that has turned to little but frustration. The other night, I was trying to put together a bed frame that was not cooperating. It was all the things we know all too well about modern flat-pack furniture: warpage, improperly-drilled holes, cheap hardware, confusing instructions. By the time I was down to the last two nuts and bolts, I was struggling, sweating profusely, and rung tight with curses and frustration. I decided to put the tools down and come back tomorrow. In the morning, rested and with a new dedication to getting this damn thing done, it took about ten minutes to finish (with nary a bead of sweat or profane utterance). A perennial lesson from Kenny to us all.
- 3 questions to get unstuck and start making progress
- 1. What haven't I done yet? Why?
2. What's stopping me from doing this?
3. What is making me frustrated or discontent?
- PowerShell 7 Upgrade: A Comprehensive Walkthrough
- 2-Nodes clusters without Witness - StarWind VSAN Heartbeat Failover Strategy - ESX Virtualization
- How I learned to stop worrying and love the CoreOS · Major Hayden
- AWS Weekly Roundup: AWS Control Tower, Amazon Bedrock, Amazon OpenSearch Service, and More (October 9, 2023) | AWS News Blog
- Quick Tip: Get CPU temperature | >_
- divide
- Dell Offers APEX Azure Storage for a Cool Million Dollars - Architecting IT
- Hacktivism erupts in response to Hamas-Israel war | TechCrunch
- SEC investigating MOVEit hack that exposed data of at least 64 million people
- Common Ansible Errors | badllama.com
- Enabling BitLocker with Group Policy and backing up Existing BitLocker recovery keys to Active Directory | A Windows System Admin's Blog
- manage-bde -protectors -get c:
for /f "skip=4 tokens=2 delims=:" %%g in ('"manage-bde -protectors -get c:"') do set MyKey=%%g
echo %MyKey%
manage-bde -protectors -adbackup c: -id%MyKey%
- Copying files from one server to another as a different user (two separate domains) using PowerShell | A Windows System Admin's Blog
- CORS | badllama.com
- How to Install TIG Stack (Telegraf, InfluxDB, and Grafana) on Rocky Linux
- TIG Stack (Telegraf, InfluxDB, and Grafana)
- Reset Root Password in VMware ESXi | Windows OS Hub
- Nginx Proxy Manager and GoAccess – Stuff I'm Up To
- Simple SQL in PowerShell
- How to Query and Change Teams User Presence Status with PowerShell | Windows OS Hub
- Access:7 vulnerabilities impacting medical and IoT devices | Born's Tech and Windows World
- Making Meetings more Inviting - American Boffin
- Vulnerabilities in Notepad ++ (Sept. 2023) | Born's Tech and Windows World
- PowerHell: Attention, unfixed vulnerabilities in the PowerShell gallery | Born's Tech and Windows World
- Clint Boessen's Blog: Mass Converting Video Files changing Audio or Video Fromat
- Chris's Wiki :: blog/solaris/ZFSRecordsizeChangeEffects
- Chris's Wiki :: blog/tech/TLSShortCertDurationVsBlackBoxes
- Chris's Wiki :: blog/linux/ZFSOnLinuxARCTargetSizeChanges
- How to reliably get the system time zone on Linux? | /contrib/famzah
- SSD - the definitive guide for Linux! · Igor Moiseev
- I miss del.icio.us – the web’s discovery-engine and link classifier | Ctrl blog
- How to Install Bluestacks (Android Emulator) on Ubuntu
- Bruschetta-Board: Multi-protocol Swiss Army knife for hardware hackers - Help Net Security
- Ubuntu 23.10 to Introduce an Experimental TPM-Backed FDE
- 13 Best Free Linux DICOM Viewers for Medical Imaging
- Velociraptor: Open-source digital forensics and incident response - Help Net Security
- Kanban.bash - A Commandline Todo Manager For Linux - OSTechNix
- Security Onion 2.4: Free, open platform for defenders gets huge update - Help Net Security
- 8 open-source OSINT tools you should try - Help Net Security
- Amass
Osmedeus
- GitHub - alphasoc/flightsim: A utility to safely generate malicious network traffic patterns and evaluate controls.
- How to Use Jupyter Notebook: Beginner's Tutorial
- Example of scope in a Notebook document
- Four Scenarios for the Future of Legal Education | DennisKennedy.Blog
- 23andMe user data breached in credential-stuffing attack
- credential stuffing
- Platform Engineering is Product Design at Scale - Wahl Network
- Dall-E 3 vs MidJourney
- How to keep up with technology | James Serra's Blog
- PowerShell – Get top CPU and memory usage for windows service | geekdudes
- Proxmox with one static IP
- Cheatsheet to install Docker or Podman
- Unit testing in PowerShell | John Louros
- Basics of cryptography with OpenSSL | John Louros
- How to encrypt web.config sections | John Louros
- How to automate Windows Security prompt input | John Louros
- Create a schedule task to periodically run a PowerShell script | John Louros
- Enabling strong cryptography for all .Net applications | John Louros
- Batch download images from a website | John Louros
- Resignation letter template | John Louros
- Chapstick left in pocket, stains all over clothes! | The DIS Disney Discussion Forums - DISboards.com
- How to Get Chapstick Out of Clothes
- Chainguard's Wolfi: Revolutionizing Containerized Workloads with Rapid Updates and Robust Security
- Securing Docker with iptables – Stuff I'm Up To
- Reaching the fork in the road · Major Hayden
- Walt Disney said it best:
We keep moving forward, opening new doors, and doing new things, because we’re curious and curiosity keeps leading us down new paths.
- Terraform Certified Associate (003) – How to Study for the Exam
- (16) How I cleared Terraform Associate (003) in 2 weeks. | LinkedIn
- Retention of Millennial and Gen Z Employees Rests Heavily on Digital Employee Experience | APMdigest - Application Performance Management
- Docker Exec Command With Practical Examples - buildVirtual
- Your NFTs are Worthless. Everyone's NFTs are Worthless. - LowEndBox
- Turbo-Charge Your Linux Shell With These Easy Tricks! - LowEndBox
- CyberBunker: The ‘Bulletproof’ Darknet Market Host That Operated out of Bunkers (Founder Sentenced to Prison) - LowEndBox
- The WGA strike may end as studios offer streaming and AI concessions
- 50+ Kubectl Commands for Managing Kubernetes Clusters
- New – Amazon EC2 C7a Instances Powered By 4th Gen AMD EPYC Processors for Compute Optimized Workloads | AWS News Blog
- WebAuthn and Yubikey – Stuff I'm Up To
- Trust an IP address with firewalld’s rich rules · Major Hayden
- Adding a ZFS mirror to Proxmox | Logan Marchione
- What my toddler taught me about information security · Major Hayden
- Reduce disk I/O for small reads using memory · Major Hayden
- Generate self-signed certificate and key in one line · Major Hayden
- How to Install dbWatch to Monitor MySQL Performance in Linux
- How to Self-Host Your Own Email for Less Than $3/Mo… and Get Your Emails Delivered! - LowEndBox
- Easy Chocolate Frosty Homemade Ice Cream Recipe - What a Good Day
- Ice cream freezer
- Hubbard on Networking: Apple MacBook Air M1 for Network Engineers Part 4
- Hubbard on Networking: Apple MacBook Air M1 for Network Engineers Part 3
- Hubbard on Networking: Apple MacBook Air M1 for Network Engineers Part 2
- Hubbard on Networking: Apple MacBook Air M1 for Network Engineers Part 1
- Unleashing Docker's Power: The Vital 20 Commands for Success
- Gain Control of the Storage Controller Loading Order - Running Systems
- Using vSphere Datasets in Salt · vNinja.net
- PowerShell: How to export and import ssl certificate from commandline? | Networknet.nl
- How to Use Ansible to Manage Windows Machines | Windows OS Hub
- task-spooler | Nelson's log
- Running my own LLM | Nelson's log
- Matt Ventura's blog » Blog Archive » Upgrading an SC847 with a rear 2×2.5″ Drive Cage
- My Automated Lab project: #2 Create a Ubuntu template in VMware vSphere with Packer
- First Impressions with the Raspberry Pi 5
- Amazon Bedrock Is Now Generally Available – Build and Scale Generative AI Applications with Foundation Models | AWS News Blog
- Great Architects Always Seek Feedback - Wahl Network
- There are three major reasons for this:
Unknown unknowns are harder to find alone
Context always matters
Natural bias towards the familiar
- PostgreSQL with TLS Client Auth – Stuff I'm Up To
- Writing For Somebody - Marc's Blog
- What is a container? - Marc's Blog
- A common example is the word container, a popular term for a popular technology that means at least four different things.
An approach to packaging an application along with its dependencies (sometimes a whole operating system user space), that can then run on a minimal runtime environment with a clear contract4.
A set of development, deployment, architectural, and operational approaches built around applications packaged this way.
A set of operational, security, and performance isolation tools that allow multiple applications to share an operating system without interfering with each other. On Linux, this tools include chroot, cgroups, namespaces, seccomp, and others.
A set of implementations of these practices (the proper nouns, Docker, Kubernetes, ECS, etc).
- The Four Hobbies, and Apparent Expertise - Marc's Blog
- Engineering through layoffs · Major Hayden
- Takeaways from The Obesity Code · Major Hayden
- .)
- Raise the bar with an SBAR · Major Hayden
- Situation
Background
Assessment
Recommendation
- Secure Tailscale networks with firewalld · Major Hayden
- Why ITIL Remains a Disaster in 2023 — EtherealMind
- How to View and Change BIOS (UEFI) Settings with PowerShell | Windows OS Hub
- "Industry standard" isn't useful in arguments - SysAdmin1138 Explains
- Fudgy Brownies Recipe | Epicurious
- add 1 tablespoon of powered milk
- 7 Ways to Escape a Container - Panoptica
- Installing the IBM SCSI / A ‘tribble’ card in an IBM PS/2 model 60, using BlueSCSI, and a tale of painful lessons. | Virtually Fun
- Microsoft’s big Windows 11 update drops on September 26 with Copilot AI baked in
- VMware Carbon Black Emerges as a Leader in Frost & Sullivan’s 2023 XDR Report - VMware Security Blog - VMware
- What's the purpose of those 17 virtual hard disks within VMware vCenter Server Appliance (VCSA) 8.0? - ESX Virtualization
-
VMDK 1 – 48Gb – /boot as mount point – Directory where the kernel images and boot loader configurations are stored.
VMDK 2 – 5.5Gb – /tmp as mount point – Directory used to store temporary files generated or used by services from vCenter Server.
VMDK 3 – 25Gb – SWAP – Directory used when the system is out of memory to swap to disk.
VMDK 4 – 25Gb – /storage/core – Directory where core dumps from VPXD process from the vCenter Server are stored.
VMDK 5 – 10Gb – /storage/log – Directory where vCenter Server and Platform Services Controller store all logs for the environment.
VMDK 6 – 10Gb – /storage/db – VMware Postgres database storage location.
VMDK 7 – 15Gb – /storage/dblog – VMware Postgres database logging location.
VMDK 8 – 10Gb – /storage/seat – Stats, Events, Alarms and Tasks (SEAT) directory for VMware Postgres.
VMDK 9 – 1Gb – /storage/netdump – VMware Netdump collector repository that stores ESXi dumps.
VMDK 10 – 10Gb – /storage/autodeploy –VMware Auto Deploy repository that stores the thin packages used for stateless booting of ESXi hosts.
VMDK 11 – 10Gb – /storage/imagebuilder – VMware Image Builder repository that stores the vSphere image profiles, software depots and VIB packages, such as driver VIBs and update VIBs.
VMDK 12 – 100Gb – /storage/updatemgr – VMware Update Manager repository where patches and updates are stored for Virtual Machine and ESXi hosts.
VMDK 13 – 50Gb – /storage/archive – VMware Postgres database’s Write-Ahead Logging (WAL) location.
VMDK 14 – 10Gb – /storage/vtsdb – VMware vTSDB Service Repository that stores the stats.
VMDK 15 – 5Gb – /storage/vtsdblog – VMware vTSDB Service Repository that stores the logs of the service.
VMDK 16 – 100Gb – /storage/lifecycle – Workload Control Plane service stage directory or software depot, this stores the binaries for install and update/upgrade.
VMDK 17 – 150Gb – /storage/lvm_snapshot – Directory used to store temporary system root.
- Pi autoRIP
- Bare metal provisioning (PXE boot) - Khue's Homelab
- Gluten Free on a Shoestring - Gluten free recipes that really work
- How to Create a Ramdisk in Linux
- mount -t tmpfs -o size=2g tmpfs /mnt/tmp
- Hackgreenville - A Developer Community in the Greenville SC Area
- Learning Resources for WGU Alumni
- We Need Wide News | Doc Searls Weblog
- Practical Tips to protect your Veeam Backup Repositories - ESX Virtualization
- 3-2-1-1-0 rule: Three different copies of data, two different media, one of which is off-site. That’s where the rule starts, have comprehensive ransomware protection with at least one copy being immutable and zero surprises with recovery verification.
- On Infrastructure as Code and Bit Rot :: packetmischief.ca
- The Power of PowerShell: Calculating Azure VMware Solution (AVS) Costs | davidstamen
- Managing Windows Firewall Rules with PowerShell | Windows OS Hub
- Lessons I've Learned Leading a Platform Engineering Team - Wahl Network
- What's the difference - Platform Engineers and DevOps Engineers?
- VMware vSphere 8.x Advanced Design Exam (3V0-21.23) Study Links – vcdx133.com
- Understanding Immutability Periods for GFS Backups | rhyshammond.com
- The key takeaways from the forum discussion are as follows:
Standalone Repositories: In the case of standalone repositories, data remains immutable throughout the GFS retention period. This means the backup data is secure and unchangeable throughout the entire GFS retention timeline.
Performance Tier without Capacity Tier: When using the Performance Tier without the Capacity Tier, data immutability holds for the complete GFS retention period.
Performance Tier with Move Policy Disabled: Similar to the previous scenario, if the ‘Move Policy’ is disabled within the capacity tier, the data will be immutable for the entire GFS retention period.
Performance Tier with Move Policy Enabled: When the Move Policy is enabled within the Capacity Tier, unlike the previous example, immutability is applied as per the repository’s immutable retention period.
On Capacity Tier: For backup data stored on capacity tier, the immutability aligns with the repository’s settings.
On Archive Tier: Within the Archive Tier, data immutability is for the entire GFS retention period.
- Surprise Firmware update & BitLocker | Virtually Fun
- Hook, Line, and Sinker: The Fallacies of Phishing Simulations – Mikail's Blog
- Western Digital Drive Update Guide Without Windows/WD Dashboard - Framework Laptop 13 - Framework Community
- Securing PostgreSQL client connections in VMware Data Services Manager using TLS - CormacHogan.com
- Terraform and vSphere – Part 3: Import Resources – Adventures in a Virtual World
- Microsoft Azure Strategic Migration Assessment & Readiness Tool - Thomas Maurer
- Prepare your Azure Cloud Environment with the Cloud Adoption Framework - Thomas Maurer
- Download the Active Directory Security Playbook for 2023 (Free) - The things that are better left unspoken
- Chess Board « The Realm of the Verbal Processor
- A Technique To Monitor Kubernetes Controller Latency – Povilas Versockas
- Start with Cloud Adoption Framework enterprise-scale landing zones #CAF #Azure #Cloud #MVPBuzz – Robert Smit MVP Blog
- NFS4.1 datastore disconnected after the Netapp storage upgrade\failover. | Techbrainblog
- Blocking ISO mounting :: malicious.link — welcome
- Layer 2 VPN from Mikrotik to linux – Proxmox PVE | blog.erben.sk
- New – Amazon EC2 Hpc7a Instances Powered by 4th Gen AMD EPYC Processors Optimized for High Performance Computing | AWS News Blog
- Join AWS Hybrid Cloud & Edge Day to Learn How to Deploy Your Applications in the Everywhere Cloud | AWS News Blog
- Welcome to AWS Storage Day 2023 | AWS News Blog
- Prime Day 2023 Powered by AWS – All the Numbers | AWS News Blog
- Introducing the first AWS Security Heroes | AWS News Blog
- New – AWS Public IPv4 Address Charge + Public IP Insights | AWS News Blog
- How to use multiple Docker registry mirrors
- Docker is deleting Open Source organisations - what you need to know
- Blazing fast CI with MicroVMs
- Fixing the UX for one-time tasks on Kubernetes
- Optimize your Cloud Storage Bill – Cody Hosterman
- Deciding Between an Attorney or Online Forms for Estate Planning - FindLaw
- DIY perfectly coiled cable guide
- Kubernetes for vSphere Admins - part of the June 2023 VMware User Group Global Virtual Event series - CormacHogan.com
- Chaos Engineering Stories – Laurent Domb
- VMware Ransomware Recovery - How it works? - ESX Virtualization
- A Multi-Cloud Strategy, Design Frameworks, and Day 2 Operational Thoughts
- The Value of Infrastructure Agnosticism and Multi-Cloud Design
- Using the AWS CLI to Collect Amazon S3 Bucket Object Information | davidstamen
- Using the AWS CLI to Collect Amazon Elastic Block Store (EBS) Information | davidstamen
- Detecting Secrets in Container Images - VMware Security Blog - VMware
- Findlargedir: Find all "blackhole" directories with a huge amount of filesystem entries - Help Net Security
- “One of my roles in the previous team was Head of Storage Department and we had many storage clusters totaling in 300 PB of raw disk space. One of the frequent issues for our customers was accumulating many files in a single flat directory, typically caused by cache files or object storage emulation, that would eventually cause visible performance degradation. The exact moment of directory lookups being heavily performance impacted depends on several factors such as storage performance, filesystem in use as well etc. Still, we typically observe issues when there are above 1M of files in a single directory. We have been identifying such issues initially by regular BSD and Linux system tools. However, it was painfully obvious that many core tools were never designed to cope with modern high IOPS and high IOdepth systems,” Dinko Korunic, the author of the tool, told Help Net Security.
- How to Find Files That Have Been Changed in Last 24 Hours
- $ find ~/Downloads -type f -newermt "24 hours ago"
- Machine Learning in Linux: Ollama - self-hosted Llama 2 - LinuxLinks
- Veilid
- Importing updates into WSUS | >_
- Elo Touch – 5Ghz Wireless (Channel Support?)
- Let’s Encrypt SSL Wildcard Certificate
- Oracle Certified Master's - Blogs: ORACLEASM: Instantiating disk: failed
- Quickly switch between two custom screen resolutions from the Linux command line – 0xf8.org
- Monitoring my home's air quality (CO2, PM2.5, Temp/Humidity) with AirGradient's DIY sensor | Jeff Geerling
- How to safely store passwords on a Linux server | TechRepublic
- gnupg2
pass
pinentry-tty
- How to Flush Local DNS Cache on Linux - Putorius
- resolvectl statistics | grep -i cache
resolvectl flush-caches
- How To Connect to SSH Without Typing a Password - ByteXD
- Ansible Debug Module - OSTechNix
- How to Install Vaultwarden Password Manager with Docker
- VMware Finds Linux Malware on the Rise - The New Stack
- Alas, VMware has found that because we haven’t focused on detecting these threats our existing Linux malware detection and prevention tools aren’t up to the job.
It also doesn’t help us that there are no fewer than nine major ransomware families targeting Linux systems. These include a Linux version of REvil; DarkSide; BlackMatter; and Defray777. Several of them are available as Ransomware as a Service for people without much of a technical clue but who want to make some quick cash.
The cryptojackers’ cryptocurrency of choice is Monero cryptocurrency (XMR). Eighty-nine percent of Linux cryptominers used XMRig-related libraries.
VMware’s research team discovered more than 14,000 active Cobalt Strike team servers on the internet since the end of February 2020.
VMware TAU explains you need many bricks in your wall. VMware, of course, recommends its own Endpoint Detection and Response (EDR) solution and Network Detection and Response (NDR). These are good tools, but there are other programs that can help. And of course, simply practicing good Linux and container security is a must.
- Excellent Utilities: croc - securely transfer files and folders - LinuxLinks
- How to install YubiKey Manager GUI on Linux - nixCraft
- Securing open-source software won't come cheap • The Register
- How To Reuse SSH Connection With Multiplexing To Speed Up - nixCraft
- Building and operating a pretty big storage system called S3 | All Things Distributed
- Beginner's Guide to Syslogs in Linux [Real World Examples]
- FinOps: Optimizing Financial Infrastructure With DevOps
- IDLC - Investment Development Life Cycle
Concept and Plan
Documentation and Feasibility Analysis
Financial Investment
Sandbox Execution
Project Execution
Team Feedback
FDLC - Financial Development Life Cycle
Concept Plan: Revisiting the set of ideas to further optimize the source of income.
Documentation & Feasibility Analysis: This is when the financial model is further improved, especially based on community feedback. Feasibility is always re-assessed in this stage.
Financial Investment: Based on revised feasibility and potential of the ongoing project, investments for sandbox level testing and actual project execution is reallocated to the core team.
Sandbox Execution: The revised sandbox is retested for financial potential.
Project Execution: The revised project is now agreed upon as client-ready and a further improved self-sustainable financial model.
Team Feedback: At this stage, the project is now ready for the community as well, that is the public domain.
Community Feedback: When the project is ready for release to the public, a mixed community of founders, investors and clients can come together and make a final update to the project.
Whitepaper Publication: The relevant business whitepaper for the project can now be finally published.
Productivity Reviews: Treating a business whitepaper as a product can be an effective approach towards enhancing its value in the area it was made for. Honest public product reviews make sure, the project is at par with everyone's interests and always future ready.
- How to Manage Terraform State in an AWS S3 Bucket
- Communicating a Team Philosophy Using Books - Unadulterated Nerdery
- OpenSSH Security Hardening Guide for Linux
- Ansible Variables - OSTechNix
- How to Install vyOS RouterOS with KVM
- Access Proxmox Virtual Machine With SPICE Client - OSTechNix
- SPICE, short for Simple Protocol for Independent Computing Environments, is an opensource remote desktop application to access virtual machines.
- Protecting Against the Spring4Shell Vulnerability | eSecurityPlanet
- Getting Started with Docker Semi-Self-Hosting on Linode | Linux Journal
- VCP-VMC training & exam free for a limited time – vcdx133.com
- My adventures with 6 GHz and my Pixel 6a phone | The Packetologist
- PODCAST: MODEM.show, DHCP option 108 - The ForwardingPlane
- The mess of IPv6 Unique Local Addressing - The ForwardingPlane
- NSA shares tips on blocking BlackLotus UEFI malware attacks
- In today's advisory, the U.S. intelligence agency recommended the following measures as additional mitigations:
Apply the latest security updates, update recovery media, and activate optional mitigation
Harden defensive policies by configuring endpoint security software to block BlackLotus malware installation attempts
Use endpoint security products and firmware monitoring tools to monitor device integrity measurements and boot configuration
Customize UEFI Secure Boot to block older (pre-January 2022), signed Windows boot loaders
- Helpdesk Skills Fit the Bill | The Networking Nerd
- Documenting All the Things
- From the Canyon Edge: My Walk on the Portuguese Camino de Santiago, 2023
- The value of the hyperscaler + hypervisor model | CloudXC
- [Short Tip] Plot live-data in Linux terminal – /home/liquidat
- 2023-07: UNIX Philosophy, Dev Containers | KWLUG - Kitchener-Waterloo Linux User Group
- Using clap to build nice command line interfaces
- Expired VMware vCenter certificates · vNinja.net
- Check for Open (Listening) Ports with PowerShell | Windows OS Hub
- TNC ny-msg01 -Port 25
- Passkeys are great but are they suitable for the enterprise? – Mikail's Blog
- Managing infrastructure with Terraform, CDKTF, and NixOS
- Sysadmin ramblings: Linux - what's using my swap?
- for file in /proc/*/status ; do awk '/VmSwap|Name/{printf $2 " " $3}END{ print ""}' $file; done | sort -k 2 -n | tail
- Vanguard’s Special Tax-Efficient ETF and Mutual Fund Combo — My Money Blog
- Experimenting With ZFS | Murray's Blog
- ZFS Without Tears
- ZFS < CF < TWiki
- Why I do not use ZFS as a file system for my NAS
- zfs_overview.pdf
- OpenZFS - The Final Word in File Systems
- A Closer Look at ZFS, Vdevs and Performance · Constant Thinking
- ZFS 101—Understanding ZFS storage and performance | Ars Technica
- ZFS Pool Import Fails After Power Outage | SolutionOriented Blog
- Turbocharging ZFS Data Recovery | Delphix
- Fixing the Proxmox VE Cannot Import rpool ZFS Boot Issue
- ZFS Corruption: Postmortem :: Daemon Security, Inc.
- zfs: cannot import : I/O error Destroy and re-create the pool from a backup source - Systems Administration Problem Solvers
- Your FreeNAS, or FreeBSD, ZFS zpool lost power and can’t be accessed.
Boot the machine and enter the boot loader menu and set these:
set vfs.zfs.debug=1
set vfs.zfs.recover=1
set debug.bootverbose=1
boot -s <enter> to start the machine in single user mode.
Once booted:
zpool import -fFX -o readonly=on -R /mnt tank (or whatever the name of your zpool is).
This should work in most all cases and allow you to rsync/scp/copy your data off of the zpool.
Don’t deviate from the above. I know you are super smart and believe you don’t need to set the flags, don’t need single user mode, or don’t need to mount in read only. You do. Don’t waste time and risk screwing up the pool permanently.
- software raid - ZFS I/O Error, Kernel Panic during import - Server Fault
- zpool import -fFX <poolname>
- ZFS - cannot import '' I/O error | The FreeBSD Forums
- quite a bit of messages like this when running -FX
- 12 Commands to Find User Account and Login Info in Linux
- 1. id Command – Show User and Group IDs
2. groups Command – View User Group Memberships
3. finger Command – Show User Information
4. getent Command – Fetch User Info from System Database
5. grep Command – Search for Patterns or Specific Text in Files
6. lslogins Command – Display User Information in Linux
7. users Command – List Current Logged-In Users on Linux
8. who Command – Show Information Of Currently Logged-In Users
9. w Command – Show Currently Logged-In User Activity
10. last Command – Show Most Recent Login Session
11. lastb Command – Show Failed Login Attempts
12. lastlog Command – List User Login Information
- InkBox
- AI pioneer Geoffrey Hinton isn't convinced good AI will triumph over bad AI | Engadget
- How to Reset the Group Policy Settings on Windows | Windows OS Hub
- The computer settings (Computer Configuration section) are stored in %SystemRoot%\System32\GroupPolicy\Machine\registry.pol
The user settings (User Configuration section) are stored in %SystemRoot%\System32\GroupPolicy\User\registry.pol
- Find Inactive (Unused) Distribution Lists in Exchange/Microsoft 365 | Windows OS Hub
- The trajectory of "AI" features - SysAdmin1138 Explains
- How to Get a List of Local Administrators on Computers? | Windows OS Hub
- Using Bicep to Deploy a Microsoft SQL on Azure VM with Cloud Block Store Volumes | davidstamen
- A new whitepaper: Veeam Backup & Replication V12 enhanced security and scalability with object storage Secure Mode - Virtual to the Core
- Perform an Azure Virtual Machine (VM) inventory with PowerShell - ivobeerens.nl
- 3 Ways to Minimize Cloud Costs | APMdigest - Application Performance Management
- 1. Start with Strategy
■ Do we have the proper processes in place for maximum efficiency?
■ Are we getting the most out of this application?
■ Could we execute in a more efficient way by building a custom application or investing in application integration?
2. Customize Your Cloud Environment
The cloud's adaptability and flexibility are two of its biggest advantages. You may consider embracing strategies like "just-in-time" services: an approach to reducing waste by ensuring you're investing in just what you need, when you need it, and nothing more. Starting small and scaling as needed is possible, so long as you're willing to evaluate alternative options to your legacy systems.
Reducing redundant applications and resources, offloading to different storage buckets, and leveraging on-demand tools and APIs are all practical strategies for increasing value and reducing waste when it comes to cloud spend.
3. Consider Adopting a Hybrid Approach
A hybrid approach is useful for less regulated industries as well. It's not practical for businesses that work with large amounts of data every day to pull information into the cloud, process it, then bring it back down — keeping high-touch data stored on-premises may lead to more efficient processes.
- How to Move Files with PowerShell - Thomas Maurer
- Move-Item -Path C:\Temp\* -Destination C:\Backup -Recurse
- IT Professionals Experiencing Substantial Shift in Responsibilities | APMdigest - Application Performance Management
- DataOps uses a combination of technologies and methods with a focus on quality for consistent and continuous delivery of data value, combining integrated and process-oriented perspectives on data with automation and methods analogous to agile software engineering.
DevOps uses collaborative, agile approaches paired with extensive automation development pipelines, testing, infrastructure configuration, provisioning, security controls, and life-cycle continuous integration (CI) for continuous development and continuous delivery (CD).
DevSecOps uses a methodology that asserts that security needs to be prioritized at the beginning of the DevOps delivery pipeline. It enables DevOps teams, collaborating with security, to act as key stakeholders in defining and implementing security policies.
ITOps uses technology and methods to provide routine, scheduled tasks and unscheduled support activities related to IT systems. ITOps professionals may spend as much as 50% of their time engaged with business users in support, the elicitation of requirements, and performing contingent or secondary business tasks.
MLOps uses technology and processes to streamline and automate the entire machine learning (ML) life cycle. The key capabilities include managing and automating ML data and pipelines, ML code, and ML models from data ingestion to model deployment, tracking, and monitoring. MLOps uses similar principles to DevOps practices, applied to machine learning processes.
Platform engineering is a discipline of designing and building toolchains and workflows that enable self-service capabilities focused on managing and optimizing the software delivery process to deploy applications and services to cloud platforms.
Site reliability engineering (SRE) includes software engineers who build scripts to automate IT operations tasks such as maintenance and support. To enable efficiency and reliability, SRE teams fix operational bugs and remove manual work in rote tasks.
Systems administrators configure, maintain, and support computer systems and systems of systems using a variety of tools and methods appropriate to the system or systems of systems in use. They may spend as much as 50% of their time engaged with business users in defining key requirements, business goals, and adaptations needed to maintain fit for use and fit for purpose.
- Speedata Launches Workload Analyzer | APMdigest - Application Performance Management
- "Our team is committed to providing enterprises with the tools needed to accelerate their big data analytics workloads," said Jonathan Friedmann, Co-Founder & CEO of Speedata. "The Workload Analyzer is one of those tools, helping businesses focus on what's working and how to improve what's not. It's designed to help data engineers optimize their analytics with available infrastructure, set realistic goals, maximize their data, and maintain their competitive edge."
- Data Downtime Nearly Doubled Year Over Year | APMdigest - Application Performance Management
- The Wakefield Research survey, which was commissioned by Monte Carlo and polled 200 data professionals in March 2023, found that three critical factors contributed to this increase in data downtime. These factors included:
■ A rise in monthly data incidents, from 59 in 2022 to 67 in 2023.
■ 68% of respondents reported an average time of detection for data incidents of four hours or more, up from 62% of respondents in 2022.
■ A 166% increase in average time to resolution, rising to an average of 15 hours per incident across respondents.
- "Have you ever seen a culture recover?" - SysAdmin1138 Explains
- Blog
- Brad Whitehead
- Linux DataOps: a career path with endless potential - Linux Careers
- I consider myself a patient person, but 'The Password Game' might break me | Engadget
- Canonical Unveils Landscape 23.03: Streamlining Ubuntu Linux Management
- Generating Test Data With ChatGPT
- Five Years at Microsoft and Next Adventures
- 10 things you should know about Incident Response and Forensics in 2023 | CQURE Academy
- What if your Pods need to trust self-signed certificates?
- Building a 100% virtual SNA network on your desk! | Virtually Fun
- I booted Linux 292,612 times | Richard WM Jones
- Lithium-ion battery creator John Goodenough dies at 100 | Engadget
- ...it was Goodenough who achieved a major breakthrough in 1980 while at the University of Oxford. He made a cathode with layers of lithium and cobalt oxide that produced a stronger voltage while greatly improving safety. It had much more capacity than previous batteries, such as lead acid (used in cars) and nickel-cadmium (found in many portable electronics).
He received the Nobel Prize in Chemistry in 2019 and the US National Medal of science in 2011, among other accolades.
- Ansible Collections Tutorial For Beginners - OSTechNix
- OSV-Scanner: A free vulnerability scanner for open-source software - Help Net Security
- First steps with Mermaid, a diagramming and charting tool - RS1 Linux Tools
- Proposed NIST Updates and Data Incident Response Planning - Lawfare
- Homemade Cheap Granola Cereal Recipe -- Vegan and Allergy Friendly | Penniless Parenting
- Watchtower: Automatically Update Docker Container Images
- 10 open-source recon tools worth your time - Help Net Security
- Altdns
Amass
Aquatone
Assetfinder
Gobuster
Gotator
HTTPX
Naabu
MASSCAN: Mass IP port scanner
WhatWeb – Next generation web scanner
- How to Install Jupyter Notebook on Linux, Windows, and Mac
- KubeCon Database Trends | Redis Enterprise
- The Cyberlaw Podcast: Cryptopocalypse - Lawfare
- Two Visions of Digital Sovereignty - Lawfare
- The Cyberlaw Podcast: When AI Poses an Existential Risk to Your Law License - Lawfare
- Microsoft confirms June Outlook and OneDrive outages were caused by DDoS attacks | Engadget
- Configuring Event Viewer Log Size on Windows | Windows OS Hub
- To increase the maximum size of the log, you can use the wevtutul command line tool (the new size is set in KB):
wevtutil sl "Application" /ms:200000
- ITSM Academy Ends ITIL Training | APMdigest - Application Performance Management
- By a letter dated June 13, 2023, ITSM Academy informed PeopleCert, the owners of ITIL, ITSM Academy will be terminating their ITIL accreditation agreement effective December 31, 2023.
As of that date, ITSM Academy will no longer hold accreditation to deliver ITIL 4 framework training, correlating mandatory examinations, or have ITIL classes available for learners needing to meet the requirements to maintain PeopleCert Continuing Professional Development validation.
ITSM Academy will continue delivering DevOps courses as a PeopleCert Authorized Training Organization (ATO).
ITSM Academy's 20-year history of ITIL® education ends 12.31.23, so the Academy can focus on other portfolio classes.
"From the start, we have defined our role in the industry by providing the most current, meaningful education available. The recent turbulence in the service and experience management markets has triggered a strategic evaluation of our future," stated Lisa Schwartz, ITSM Academy founder and CXO.
Over the years, ITSM Academy has remained at the core of new industry developments, translating those trends into effective courseware allowing organizations to grow, improve, and better deliver IT services. These same classes are also thoughtfully designed to deliver an exceptional learner experience.
"Making this decision was incredibly hard. Walking away from one of our flagship lines is sad, a little scary, but also exhilarating. PeopleCert has a direction of travel for their ITIL products that no longer feels compatible with our core mission and goal. We wish them continued success with their plans for the ITIL 4 framework," continued Schwartz.
"We are proud that hundreds-of-thousands of enthusiastic professionals have trusted ITSM Academy to deliver the positive training experience they deserve. We appreciate your loyalty. You can count on us to never waver in our commitment to enable learners to return to work with tangible, practical ideas for incremental improvements. My team and I are delighted to continue to educate and inspire you and yours," finished Schwartz.
- Querying Windows Event Logs with PowerShell | Windows OS Hub
- Illuminating Your Console: Enhancing Your Linux Command Line Experience with ccat | Linux Journal
- Harness the Power of the Command Line: Searching Files and Google from Linux | Linux Journal
- Hacking and Cybersecurity: Class 1, Practical Cybersecurity - Lawfare
- The Lawfare Podcast: The Dark History of the Information Age - Lawfare
- 8 Mysterious Ways to Use the (!) Operator in Linux Commands
- The National Cybersecurity Strategy: Breaking a 50-Year Losing Streak - Lawfare
- Software companies should no longer be incentivized, for example, to rush insecure products to market, maximizing their profit but inflicting insecurity on everyone else.
- The Cyberlaw Podcast: Debating AI Regulation - Lawfare
- Machine Learning in Linux: BackgroundRemover - remove backgrounds from images and video - LinuxLinks
- How to Generate Random Passwords in Linux
- 20 cybersecurity projects on GitHub you should check out - Help Net Security
- Wolfgang Ziegler - Migrating a Linux system to a larger SSD
- pv < /dev/sda > /dev/sdc
- How to Test Ansible Roles with Molecule and Docker
- Map of the AWS Well-Architected Framework
- Moog celebrates 70th anniversary with musical web app | Engadget
- Managing Partitions with sgdisk - Fedora Magazine
- Multiboot USB drive - ArchWiki
- The cyber gulag: How Russia tracks, censors and controls its citizens - Japan Today
- G7 officials to hold first meeting on AI regulation next week - Japan Today
- GitHub - ndeineko/grub2-bios-uefi-usb: Create a usb boot drive with support for legacy BIOS and 32/64bit UEFI in a single partition on Linux
- New York State AG proposes broad regulations for the cryptocurrency industry
- Scientists observe elusive missing step in photosynthesis’ final stage
- The Supreme Court’s Warhol decision could have huge copyright implications for ‘fair use’ | Engadget
- How to Choose Your Career: Venn Diagram — My Money Blog
- Grub2/ISOBoot - Community Help Wiki
- 2023 Berkshire Hathaway Annual Shareholder Meeting Video, Transcript, and Notes — My Money Blog
- you should write your obituary and then try and figure out how to live up to it.
- mikas blog » Blog Archive » Boot an ISO via Grub2
- GNU GRUB Manual 2.06: Making a GRUB bootable CD-ROM
- How 80,000 Hours has changed some of our advice after the collapse of FTX - 80,000 Hours
- Fidelity Money Transfer Lockdown: Block Fraudulent ACAT Transfer Brokerage Scams — My Money Blog
- Public using ACAT, and Public did not send me a single email, text, or phone call. My Public account was simply zero one day. Now, I did request this transfer, but what if I didn’t?!?
- Aer Travel Pack 3 Review: Two Steps Forward But One Back - foXnoMad
- Aer Travel Pack 3
- The Japanese Philosophy You'll Love, Based On Your Myers-Briggs® Personality Type - Psychology Junkie
- joeware – never stop exploring… :) » Blog Archive » And we are back…
- Java 17 vs Java 11
- How to setup SonarQube
- The Developers guide to remote work
- Trust, Risk, and Opportunity: Overseeing a Comprehensive Data and Privacy Strategy
- What does a CISO chief information security officer do?
- Security operations: This function involves real-time analysis of threats, including watching the tools that monitor a company’s firewalls, entry points, databases and other internal environments. When something goes wrong, these folks are supposed to discover and triage the problem.
Cyberrisk and cyber intelligence: Corporate boards often ask CISOs to get out ahead of new types of attacks that could be harmful, business deals that could introduce risk of a breach or new products that might weaken security.
Data loss and fraud prevention: People emailing out sensitive information, or insiders stealing intellectual property when they quit, are two examples of what these professionals handle. They use tools that monitor the flow of information in an organization, to spot when large amounts of data are leaving the company.
When Elon Musk said an engineer at Tesla
was flagged for sending source code outside the firm, that type of problem is usually handled by this team.
Security architecture: This person builds the security backbone of a company, sometimes from the ground up, in part by deciding where, how and why firewalls are used. These pros may also make decisions like how to separate or segment certain networks. They may also rely on penetration testers or ethical hackers to test the defenses they create for the company.
If you wondered how the WannaCry or NotPetya ransomware moved so rapidly between different parts of some affected companies, that’s because many companies had “flat” networks with no way to quarantine the attack between business units. A security architect could help build a more resilient network.
Identity and access management: These employees deal with credentials. When you get your username and password at a new company, it likely went through the hands of somebody in this field. These professionals maintain who has access to which tools, who gets which email addresses and how rapidly those credentials are taken away when somebody gets fired.
That last point is key and if mishandled can lead to a lot of data loss. In one famous case involving an engineering firm in Tennessee, an ex-employee was able to access valuable information for several years after leaving for a competitor because his credentials were never retired.
Program management: Once a company has measured its risks, gathered intelligence and mapped where its data is going, it may find some gaps. To fill those gaps, companies create projects and programs. Cybersecurity program managers don’t always have a deep technical background, but they know how to build and manage new initiatives meant to keep the company safer.
One example of a common program: patching systems on a regular basis. When program management is poorly handled, you can have missed patches -- like the one that led to the massive data breach at Equifax
and cost CEO Richard Smith his job.
Investigations and forensics: These pros are the “cops” of the cybersecurity organization, and many of them do indeed come from a background in law enforcement. When an incident occurs, they may work with outside law enforcement agencies, consulting firms, government agencies or sometimes on their own to conduct forensics. If an employee got caught emailing source code, these are the cybersecurity employees who will both prove that it happened and then may sit him or her down for a conversation about it.
When the Democratic National Committee brought in Crowdstrike and worked with the FBI on suspected email attacks during the 2016 campaign, those were two teams of investigative professionals who, in part, tried to determine who perpetrated the attack. The forensic results are what you can read in the indictment of 12 Russian nationals released last week by Rod Rosenstein.
Governance: All of this can cost a lot of money, and these employees can help mind the budget and provide other types of oversight. Security programs have to keep running smoothly or else they may never get finished. Regulations bubble up and change frequently, and employees need to be hired to staff these jobs. Good governance can involve setting up a framework based on factors important to the business, and making sure the entire cybersecurity organization is functioning well. A lack of governance can lead to big problems, such as CEOs never getting a clear picture of significant cyber problems in their organization, or senior officials never getting properly trained on how to spot phishing attempts.
- Are you Prepared For 100% Turnover?
- A Getting Started Guide to Kubernetes Namespaces
- Chris's Wiki :: blog/sysadmin/IPv6OurPassiveExposure
- Robert Milkowski's blog: NFSv4 + Kerberos: 4 minutes of slowness
- Galactic Civilizations IV: Supernova Supernova uses AI to write lore
- Delta Dental uses Feedly to cut threat intelligence gathering time in half – Feedly Blog
- Both/And Thinking - Vicious Cycles (Chapter 2) ! even the horse knew
- Both/And Thinking - Last 2 Paradox Types ! even the horse knew
- Both/And Thinking - First 2 Paradox Types ! even the horse knew
- Both/And Thinking - Introduction ! even the horse knew
- The crux of Both/And thinking is to “think about our dilemmas differently? What if, instead of trying to choose between the mutually exclusive options, we start by surfacing the paradoxes that lurk beneath our dilemmas and recognize that those paradoxes cannot be solved? Instead of choosing between alternative poles of a paradox, what if we ask a different question: how might we engage both poles simultaneously? How might we accommodate competing demands over time? Doing so invites us into both/and thinking, embracing tensions to enable more creative, effective, and sustainable solutions.”
- Is the Cloud actually greener? - Tekhead.it
- Google Professional Cloud Security Engineer Exam Prep notes - Part 4 ~ The Technology Chronicle
- Tech basics series : Containers , Microservices & Kubernetes - Part 3 ~ The Technology Chronicle
- Tech basics series : Containers , Microservices & Kubernetes - Part 2 ~ The Technology Chronicle
- Tech basics series : Containers , Microservices & Kubernetes - Part 1 ~ The Technology Chronicle
- Google Professional Cloud Security Engineer Exam Prep notes - Part 3 ~ The Technology Chronicle
- Google Professional Cloud Security Engineer Exam Prep notes - Part 2 ~ The Technology Chronicle
- Google Professional Cloud Security Engineer Exam Prep notes - Part 1 ~ The Technology Chronicle
- Listening Between the Lines
- Three Ways to Listen Between the Lines
1. Ask open-ended questions. Remove the blame from the attendees. “What could I explain better to make this clear?” makes it the trainer’s fault if some listeners don’t understand.
2. Check for understanding with a prompt such as “In one sentence, tell me the most important way this impacts your job.” A reply phrased as a question suggests uncertainty and perhaps the need to reinforce learning.
3. Listen for clues. Was there a hesitation before responses? Were answers to your questions confidently given? Did all attendees chime in? Tone and delivery help you discover what the words may be hiding.
- MFA is NOT Bulletproof | Sensei Enterprises, Inc.
- Azure Well Architected framework - An Introduction ~ The Technology Chronicle
- DCOM Hardening | >_
- Sysadmin Stories: A Quick Look At Terraform Provider for Ansible
- 5 Tips for Getting the Most Value from Logs | APMdigest - Application Performance Management
- 1. Choose carefully what to log
2. Establish a baseline for comparison
3. Choose messages that support decisions
4. Keep log messages concise and relevant
5. Make sure log messages are clear
- The April 2023 Updates provide further urgency to Netlogon RPC Sealing - The things that are better left unspoken
- My Sovol SV06 - Can It Match My Prusa MK3S? - Patshead.com Blog
- GPT on Arch Linux - Jeremy's Programming Blog
- IT That Should Just Work: Start All Exchange Services Automatically
- Get-Service -DisplayName "Microsoft Exchange*" | Where-Object {$_.Starttype -eq "Automatic" -and $_.Status -ne "Running"} | Start-Service
- Linux – Bash script for initiating time sync with NTP server | geekdudes
- Computers Are Bad
- Logz.io Adds Security Scanning to Kubernetes 360 | APMdigest - Application Performance Management
- Mastering the journalctl Command: A Comprehensive Guide | Linux Journal
- Recommendations for Oracle 19c Patches in Azure
- Oracle Workloads on Azure- IO is King!
- Infrastructure Cost Optimization MUST Include the Relational Database – No Matter the RDBMS
- Azure IO Performance for the RDBMS DBA- Part II
- Backup Scenarios for Oracle on Azure IaaS
- Estimate Tool for Sizing Oracle Workloads to Azure IaaS VMs
- Oracle workloads - Microsoft Azure Well-Architected Framework | Microsoft Learn
- Demystifying Kubernetes Operators: Creation, Benefits, and Use Cases | Linux Journal
- Kubernetes vs. Docker: Exploring the Synergy in Containerization | Linux Journal
- Stabilizing Migrations to the Cloud with SQL Baselines
- Running Simple HTTP Web Server Using PowerShell | Windows OS Hub
- Sysadmin Stories: Moving Backups to Hardened Linux Repositories
- Terence Luk: Automating the creation of Azure Calculator estimates with Selenium and Python
- Remove expired root certificates from a vCenter Server the easy way - ivobeerens.nl
- Install-Module VMware.PowerCLI -Scope CurrentUser -Force -SkipPublisherCheck -AllowClobber
Connect-VIServer "VCENTER-FQDN"
Get-VITrustedCertificate -vCenterOnly | Where-Object { $_.NotValidAfter -lt (Get-Date) }
Get-VITrustedCertificate -vCenterOnly | Where-Object { $_.NotValidAfter -lt (Get-Date) } | Remove-VITrustedCertificate
- The best way to compost your food scraps | Engadget
- The early days of Linux [LWN.net]
- Cybersecurity Seminar Series · UCSF-Stanford Center of Excellence in Regulatory Science and Innovation (CERSI)
- How to compost in Greenville, SC - GVLtoday
- Atlas Organics | Creating Compost and Reducing Waste
- Composting At Home | US EPA
- Home Composting Basics – Institute for Local Self-Reliance
- Backyard Composting | New Mexico State University - BE BOLD. Shape the Future.
- JG-Complete-Guide-to-Home-Composting.pdf
- Comixology’s Marvel Comics app is shutting down in June | Engadget
- Although Marvel has apparently gone out of its way to make this transition relatively smooth, it still illustrates the potential for chaos when digital content shifts platforms. We don’t own any of this stuff, so when parent companies mismanage apps, lay off workers and shuffle priorities, we’re left to hope mega-corporations want to do right by their customers — a trust factor worth bearing in mind any time you buy a comic, game or any other digital media.
- Baked Ziti Recipe
- Principles and Practices for Software Bill of Materials for Medical Device Cybersecurity | International Medical Device Regulators Forum
- Remembering Virginia Norwood, the ‘mother’ of NASA’s Landsat program
- She reportedly had no issue with the “the mother of Landsat” moniker her peers gave her. “Yes, I like it, and it’s apt,” she said. “I created it, I birthed it, and I fought for it.”
- The Italian Data Protection Agency gives OpenAI a chance to avoid being banned | Engadget
- Supercharge Your Cloud Native App Development with Kubernetes
- Enhanced Resource Management: Kubernetes orchestrates the deployment, scaling, and operation of application containers across clusters of machines with great efficiency. This efficient management of resources ensures optimal usage of computing power, leading to cost reductions and improved productivity for developers and businesses alike. Kubernetes also provides an intelligent scheduler that places containers based on resource availability and constraints, further optimizing resource management.
Effortless Scaling Capabilities: Kubernetes simplifies the process of scaling applications by offering both horizontal and vertical scaling options. Horizontal scaling involves adding or removing instances of your application based on demand, while vertical scaling adjusts the resources allocated to each instance. With auto-scaling features, Kubernetes automatically scales your applications according to real-time metrics and pre-defined thresholds, improving performance and a superior user experience.
Simplified Deployment and Updates with Rolling Updates: Kubernetes leverages declarative configuration to define your application’s desired state, streamlining deployment and updates. It supports rolling updates, which incrementally update application instances with minimal disruption to users. This approach allows you to concentrate on writing code while Kubernetes oversees the deployment and updating of your applications, resulting in hassle-free rollouts, rollbacks, and feature implementations with minimal downtime.
Resilient Self-Healing Features and Load Balancing: Kubernetes has self-healing mechanisms that autonomously detect and resolve issues, such as container failures, network congestion, and resource depletion. It automatically restarts failed containers, reschedules containers on unresponsive nodes, and ensures optimal load distribution across available resources. Kubernetes also provides built-in load balancing for services, distributing network traffic efficiently and enhancing application performance.
Vibrant Ecosystem and Collaborative Community: Kubernetes is supported by a diverse ecosystem of tools, plugins, and services that can augment your application’s capabilities. From monitoring and logging solutions to CI/CD pipelines and security tools, the Kubernetes ecosystem has many offerings to meet your specific needs. Additionally, the platform boasts an engaged community of developers and users eager to exchange knowledge and expertise, fostering a collaborative environment.
Seamless Integration with Cloud Providers and On-Premise Infrastructure: Kubernetes is designed to be infrastructure-agnostic, making it easy to deploy and manage your applications on various cloud platforms, including AWS, Google Cloud, and Azure, as well as on-premise infrastructure. This flexibility enables organizations to adopt a multi-cloud or hybrid cloud strategy, providing increased agility and avoiding vendor lock-in.
- Automated Data Visualizations in Python « Oralytics
- 4 Trends in Cloud Infrastructure | APMdigest - Application Performance Management
- 1. Kubernetes Security and Observability
2. MLOps/LLMOps
3. Confidential Computing
4. WebAssembly
- PowerShell Measure-Object: A Complete Guide with Examples
- A Beginner Guide to Using PowerShell Hashtable
- How to Craft a Modern PowerShell Message Box
- 10 Japanese Concepts That Will Fire Your Self-Motivation For Certification Study | by Dave On Cyber | Medium
- (21) Using the principles of the Japanese Martial Arts to better handle your next audit. | LinkedIn
- questions
- Protecting your business with Wazuh: The open source security platform
- Ransomware hackers leak second batch of city data from Oakland attack | Engadget
- Matt Ventura's blog » Blog Archive » Restoring eBay’s Sale History Link
- // ==UserScript==
// @name Restore eBay sold items link
// @version 1
// @grant none
// @match *://*.ebay.com/itm/*
// ==/UserScript==
element = document.querySelector("div.d-quantity__availability span:last-child")
text = element.textContent
re = /(.*)\/itm\/([0-9]+).*/
url = document.location.href.replace(re, '$1/bin/purchaseHistory?item=$2')
element.innerHTML = '<a href="' + url + '">' + text + '</a>'
- World Backup Day March 31, 2023 | Born's Tech and Windows World
- Review of the VMware ESXi server cyberdebacle (Feb. 2023) | Born's Tech and Windows World
- WINDOWS-OPTIMIZATIONS/W10ANDW11-NETWORK-TCP-DESUBOPTIMIZATION.ps1 at main · MysticFoxDE/WINDOWS-OPTIMIZATIONS · GitHub
- The Quiet Collaboration between Canadians and Jimmy Carter - Open Canada
- 48 years and counting @ AskWoody
- April 4, 1975.
- Do you know the easy way to get into the boot menu? @ AskWoody
- On Windows 10 and 11, Click the Windows Start menu, then the Power button. While pressing down the Shift key, click the Restart button. This will take you to the Windows Troubleshooting options, where you can reboot to BIOS.
- Smart Pot® Fabric Planters
- New – Self-Service Provisioning of Terraform Open-Source Configurations with AWS Service Catalog | AWS News Blog
- My portable Lab – Retouw.nl
- 2 8
- Does CVE-2022-38023 have any impact to ONTAP 9 - NetApp Knowledge Base
- GitHub - otoriocyber/DCOM-HardeningTool: Powershell script for Windows to retrieve the authentication hardening status of DCOM applications
- Microsoft Defender Antivirus compatibility with other security products – Microsoft Systems, Cloud and azure professionals
- How to monitor Kubernetes Controllers – Povilas Versockas
- So to apply the Four Golden Signals method, I propose that you monitor the internal work queues. For example, you can watch the following metrics:
Latency – How long does it take to process an event from the work queue?
Errors – How often does the Controller retry an item due to an error?
Requests – How much work does the Controller get in its queue?
Saturation – How many items are in the queue? Or how long an item sits in the queue?
- Newsletters I Like Outside of Learning & Development
- e. I’m sure there’s a way to link the pages to the
- KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023 - Microsoft Support
- Matt Ventura's blog » Blog Archive » Broadcom 9400 – Should You Buy One for a Homelab?
- How to Increase Virtual Machine Disk Size in VMware? | Windows OS Hub
- Import-CSV: Reading CSV Files with PowerShell | Windows OS Hub
- Misir Wot Recipe -- Ethiopian Red Lentil Stew -- Gluten Free, Vegan, and Delicious | Penniless Parenting
- berbere powder
- Best Buy’s new recycling program will let you mail in your old electronics | Engadget
- pickup
- Biden says it 'remains to be seen' if AI is dangerous | Engadget
- The dos and don’ts of location sharing | Engadget
- Catan creator Klaus Teuber has passed away at 70 | Engadget
- 40-Gigabit Infiniband: An Inexpensive Performance Boost For Your Home Network - Patshead.com Blog
- n’t relevant to the 40-gigabit or 56-gigabit hardware, but I think it is worth clearing up. All the cards in Mellanox’s 25000-series lineup follow the PCIe 2.0 spec, but half of the cards only support 2.5
- Twitter designates NPR as 'US state-affiliated media' | Engadget
- Biden Cybersecurity Strategy: Big Ambitions, Big Obstacles | eSecurityPlanet
- Monitoring Oracle Servers With Checkmk | Linux Journal
- Employee and patient files from Montgomery General Hospital leaked by ransomware group
- How AWS uses eBPF to identify security risks
- A Complete Guide to Security Automation & Reporting Using Open Sour...
- Can You Crack a KeePass Database if You Forgot Your Password? - Davis Tech Media
- Using Hashcat Rules to Create Custom Wordlists | Infinite Logins
- Machine Learning in Linux: Dalai - LLaMA and Alpaca - LinuxLinks
- GitHub - vantzs/msptools: Free & Paid Tools for any Startup MSP - We offer consulting, contact vantz @ elitepconline (dot) com.
- Ansible Roles Tutorial For Beginners - OSTechNix
- Vulnerability in DJI drones may reveal pilot's location - Help Net Security
- 3 Things to Know About the 5-Step Risk Management Process – Business
- The four essential steps of the process include:
Risk identification: The process basically entails determining the events that can affect your project or organization. Risks can be identified by analyzing existing documents, conducting a brainstorming process, and leveraging standard methodologies like FMECA (Failure Mode Effects and Criticality Analysis).
Risk assessment: You can assess risks either using qualitative or quantitative analysis. The quantitative analysis assesses the financial effects of a risk event. Meanwhile, qualitative analysis assesses the criticality of risk based on its probability of occurring and its implications.
Risk treatment: Risk treatment aims to reduce the likelihood of a risk occurring or minimize its impact if it does occur.
Risk monitoring and reporting: Risk monitoring and reporting ensures that there are sound forums for reducing risk escalation. It also ensures that the appropriate responses are being taken to mitigate risks.
- Debian 12 Bookworm: Best New Features
-
Debian 12 now detects Windows 11 while using in a dual-boot setup.
Screen reader support is enabled by default for the Cinnamon desktop in Debian
Automatic launching of speech synthesis after 30 seconds timeout
Easier detection of multipath devices
Support for multiple initrd paths
Support for new ARM and RISC-V devices
Experimental DMRAID support is dropped
- Signs & Symptoms Indicating RAM Failure | Here's How To Identify Them
- The Best Way to Transplant Supermarket “Living Herbs” – Garden Betty
- Error Handling In Ansible Playbooks - OSTechNix
- Updating Micron 1100 Series SSD firmware on Linux - LIEBERBIBER
- M0MU03
- Chris's Wiki :: blog/tech/DiskErasingWhoAreYouStopping
- Chris's Wiki :: blog/linux/SoftwareRaidDiskCountEffects
- Microsoft's new Security Copilot will help network admins respond to threats in minutes, not days | Engadget
- Steam will drop support for Windows 7 and Windows 8 on January 1st, 2024 | Engadget
- Just under 1.9 percent of the software's audience is using one of the relevant Windows versions, according to Valve's latest survey. That still affects a significant number of people, though, and may leave them no choice but to either upgrade their OS or buy a PC with a supported platform. The end of support could be particularly troublesome if you need an older version of Windows for work or a retro gaming system.
- Sweet and Salty Cucumber Salad with Dill Recipe -- Gluten Free, Vegan, Allergy Friendly | Penniless Parenting
- Chris's Wiki :: blog/programming/BackportsAreHard
- Chris's Wiki :: blog/sysadmin/LetsEncryptSharedAccountEffects
- Chris's Wiki :: blog/sysadmin/BMCsCanNeedRebooting
- Create Windows VMs in Azure with Terraform - ivobeerens.nl
- Azure VMware Solution Syslog Forwarder – vcdx133.com
- Restore the Windows 11 Right Click Menu | PeteNetLive
- Chris's Wiki :: blog/sysadmin/AlertOnWhatYouCareAbout
- Chris's Wiki :: blog/linux/FindingPython2UsesWithAudit
- Chris's Wiki :: blog/sysadmin/AlwaysMakeAChecklist
- How to Migrate VMs to New vCenter using PowerCLI - Notes of a scripter
- Monitor your AWS bill · Major Hayden
- Was I Serious? How to Install GnuCOBOL on Debian 11 - LowEndBox
- My experience replacing the Steam Deck SSD | Logan Marchione
- New module for Malware Bazaar API | >_
- Powershell – Get file audit reports from Event Viewer | geekdudes
- $EventId = 4663
$results = Get-WinEvent -FilterHashtable @{logname='Security'; id=$EventId; StartTime = "03/24/2023 09:30:00" } |`
Where-Object { $_.message -match "C:\\folder1\\" -or $_.message -match "D:\folder2" -or $_.message -match "D:\folder3" -and $_.message -notmatch "Account Name:\s*account1*" -and $_.message -notmatch "Account Name:\s*machine$*"}`
| Select-Object -Property TimeCreated,
@{Label='Account'; Expression={$_.properties[1].Value}},
@{Label='ObjectNAme'; Expression={$_.properties[6].Value}}
$results | Export-Csv "C:\1.csv" -NoTypeInformation -Encoding UTF8
- Hybrid Cloud - Shared Responsibility Model » cyberfella_btc
- Chris's Wiki :: blog/linux/LinuxBlockDiscardInPractice
- Chris's Wiki :: blog/web/WebServerMTLSHazards
- Chris's Wiki :: blog/tech/SSDBlockDiscardHowSecure
- Systemd Hardening — Peter's IT Docs
- Logging of interactive user sessions to rsyslog – Running Systems
- Explore the Command and Ensure the Efficiency - tommymaynard.com
- Use Let's Encrypt certificates with Cockpit :: TODO: Document — typealias Writer = Developer
- Cmdlets 101: What They Are and How to Use Them in PowerShell
- SSSD and SUDOers – Stuff I'm Up To
- IP Address RegEx – Stuff I'm Up To
- grep -oE '((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])' file
- AWS Clean Rooms Now Generally Available — Collaborate with Your Partners without Sharing Raw Data | AWS News Blog
- How to Detect PoshC2 PowerShell Implants - VMware Security Blog - VMware
- PoshC2
- Reduce costs with Azure Spot virtual machines - MARKSWINKELS.NL
- Which database to choose from cloud? | Cloud System Automation and configuration management
- Sending an E-mail to a Microsoft Teams Channel | Windows OS Hub
- CISA director urges top business leaders, board members to take cyber risk ownership | Cybersecurity Dive
- Internet Archive violated publisher copyrights by lending ebooks, court rules | Engadget
- Enforcement of Cybersecurity Regulations: Part 1 - Lawfare
- Building From the 2023 National Cybersecurity Strategy: Reshaping the Terrain of Cyberspace - Lawfare
- IAPP - EU Data Initiatives in Context
- CTG_Case Study_Agfa HealthCare_SAFe Implementation Consultancy and Training Reference.pdf
- OpenAI says a bug leaked sensitive ChatGPT user data | Engadget
- The NIS 2 Directive: what does it mean for my organization? | Centre for Cyber security Belgium
- Windows 11 security flaw exposes cropped-out screenshot data | Engadget
- aCropalypse
- Hacks Weekly #48 Introduction to Stackwalking | CQURE Academy
- Can TikTok convince the US it’s not a national security threat? | Engadget
- contagio: Malware Arsenal used by Ember Bear (aka UAC-0056,Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) in attacks targeting Ukraine (samples)
- ODA and Dbvisit : Create a SNAPSHOT database?
- A generic jdbc tester (part II)
- A generic jdbc tester (part II)
- A generic jdbc tester (part III)
- A generic jdbc tester (part III)
- SEHA on ODA?
- SEHA on ODA?
- A generic jdbc tester (part I)
- A generic jdbc tester (part I)
- Log Rotation in JBoss-EAP
- Log Rotation in JBoss-EAP
- Uyuni, an open-source configuration and infrastructure management solution for software-defined infrastructure (2) – Adding a client
- Uyuni, an open-source configuration and infrastructure management solution for software-defined infrastructure (1) – The server
- Uyuni, an open-source configuration and infrastructure management solution for software-defined infrastructure (1) – The server
- Create and manage Ansible Execution Environments
- Secure your SQL scripts with an Oracle wallet
- Overcome jboss-cli Limitations with Ansible
- Overcome jboss-cli Limitations with Ansible
- Apache JMeter Playground
- Oracle TDE part II : Encrypting Data
- Oracle TDE part II : Encrypting Data
- Why you should consider keeping your ODA more than 5 years
- Oracle TDE part I : Configuring the Encryption
- Oracle Database Backup Cloud Service
- Assess security risks in your open source project with Scorecard | Opensource.com
- Homemade Chocolate Bars - Just 3 Ingredients!
- One Sheet Plywood Bookshelf | Kreg Tool
- Five Estate Planning Moves to Make After Divorce - FindLaw
- Kali Linux: What's next for the popular pentesting distro? - Help Net Security
- Two questions drive Kali’s development:
1. What needs to be done to ensure that Kali Linux is the best possible platform for professional and hobbyist information security work?
2. What needs to be done to ensure that Kali is the best possible platform for information security training?
- Controversy of 'init' and 'systemd' in Linux
- How to Install Cortex Observable Analysis Tool on Ubuntu 22.04
- Getting Started With Proxmox Backup Server - OSTechNix
- How to Create Your Own Self-Hosted Office 365 with Cryptpad - Make Tech Easier
- Use Ansible To Automate Logical Volume Manager (LVM) - OSTechNix
- How to Install and Use Vuls Vulnerability Scanner on Ubuntu 22.04
- Automating Role Assignment Cleanup in Azure with PowerShell - Cloud for the win!
- Just one more esxi-guy: Esxi Boot Disk Information
- Why CISOs Should Prioritize Extended Detection & Response (XDR) - VMware Security Blog - VMware
- Reducing risk. CISOs continue to face significant challenges in reducing the risk and limiting the scope of disruption to critical business functions that result from cyberattacks. The adversaries that target them are relentless, skilled, persistent, adaptive, and have at their disposal an ever-growing array of increasingly sophisticated, off-the-shelf tools and techniques to deploy. Adversaries hold few, if any, qualms as to who they attack and what information they steal, and they consider the brand damage and financial losses their victims suffer as chips to be wagered as they negotiate ransomware payments. The level of sophistication and persistence that was previously characteristic of attack campaigns conducted by nation-state attackers for the purpose of espionage against the few has become the norm for financially motivated attacks against the many.
Reducing operational costs. CISOs operate under budget constraints while external compliance and reporting requirements ratchet up the pressure. They are focused on the need to optimize operational spending across two domains. First, the costs associated with implementing and operationalizing new security controls, along with the staffing costs associated with running those controls. Second, the costs related to both the increasing premium costs and scope of policy exclusions in the cyber insurance market. CISOs report a materially increased level of additional scrutiny by cyber insurers over their security controls and capabilities, which is driving them to prioritize additional security controls to improve their insurability and reduce the costs of premiums.
Attracting and retaining talent. There is continued concern among CISOs regarding the need for skilled security professionals to fill open roles, along with the challenge of retaining valuable team members they already have on staff. Even in this contracting job market, cyber expertise is a valued and highly fought-over commodity. CISOs have an urgent requirement to improve the Security Operations Center (SOC) analyst experience in order to attract and retain talent.
- AWS Application Composer Now Generally Available – Visually Build Serverless Applications Quickly | AWS News Blog
- How To Destroy Your Wealth — My Money Blog
- German Apple Pancake Recipe {Apple Oven Pancake} | Girl Vs Dough
- LastPass Publishes More Details about Its Data Breaches - TidBITS
- 6 Types of Screws Every Maker Should Know About – Cool Tools
- ”My tip is simple, but I use it every day. If you take a Retractable Badge Holder 10 Pack, and clip the top to the wall or bench, and the bottom to a wire(soldering iron, glue gun, power supply, .etc), it keeps the cable out of the way while keeping it accessible. I use them every day and the tension is just enough so the wire rises without being too uncomfortable.”
- We Know Security Is A Concern, But What Is Actually Going On? - IT Jungle
- VCP-DCV on vSphere 8.x Objective 1.8 – Describe the role of Virtual Machine Encryption in a data center - ESX Virtualization
- The Art of Managing Threat Feeds - VMware Security Blog - VMware
- LVHN: Ransomware hackers put cancer patient photos on dark web
- Balancing the Rising Costs of Public Cloud | APMdigest - Application Performance Management
- Hitting the Books: AI is making people think faster, not smarter | Engadget
- (22) The "CIA Triad" Is Insufficient In The Age of AI/OT/IoT | LinkedIn
- The security of systems, applications and services must include controls to offset possible threats, as well as controls to ensure Confidentiality, Integrity, Availability and Safety (CIAS):
CONFIDENTIALITY – This addresses preserving authorized restrictions on access and disclosure to authorized users and services, including means for protecting personal privacy and proprietary information.
INTEGRITY – This addresses protecting against improper modification or destruction, including ensuring non-repudiation and authenticity.
AVAILABILITY – This addresses timely, reliable access to data, systems and services for authorized users, services and processes.
SAFETY – This addresses reducing risk associated with technologies that could fail or be manipulated by nefarious actors to cause death, injury, illness, damage to or loss of equipment.
- Are Your (old) ESXi Hosts Publicly Available? — They won't be for long. · vNinja.net
- Lessons to be learned here? #
Don’t expose vCenter or ESXi hosts to the internet. No exceptions (except Honeypots of course)
Ensure admin access (vCenter, ESXi and other management interfaces/APIs) is limited to clients that need it and is properly secured (think Zero Trust, MultiFactor Authentication etc.)
Patch your stuff.
To quote myself from two years ago:
To be blunt; there is simply no valid reason why your VMware vCenter, or ESXi hosts, should be available over the internet, none what so ever. In fact, it shouldn’t even be available from non-admin clients in your local network, let alone via the internet. If that is the case in your environment, odds are that there are probably other big issues present in your infrastructure as well.
- Building and deploying your first app on Tanzu Application Platform (2/3) | viktorious.nl – All things cloud-native
- Update on vSphere version adoption – Welcome to vSphere-land!
- 40 Useful Concepts You Should Know - by Gurwinder
- Mighty-Tuff™ Series
- How To Show Your Love With a Complete Estate Plan - FindLaw
- Managing Legacy Technology Security – Health Sector Council
- Health Industry Publishes
“Health Industry Cybersecurity-Managing Legacy Technology Security”
- How a Thief with Your iPhone Passcode Can Ruin Your Digital Life - TidBITS
- FDA reportedly denied Neuralink's request to begin human trials of its brain implant | Engadget
- Unlock Your Leadership Potential: 12 Must-Read Books to Take Your Skills to the Next Level | by Mofrad Muntasir | Writers’ Blokke | Jan, 2023 | Medium
- “Leadership is the capacity to translate vision into reality.” -Warren Bennis
“The key is not to prioritize what’s on your schedule, but to schedule your priorities.”
“Autonomy is the power to steer our own lives. It is the feeling that we are in control of our own destiny.”
“The only way to win is to learn faster than anyone else.”
“The greatest day in your life and mine is when we take total responsibility for our attitudes. That’s the day we truly grow up.”
“Leadership is not about being in charge. It’s about taking care of those in your charge.”
“Good is the enemy of great. And that is one of the key reasons why we have so little that becomes great.”
“Leadership is the capacity to translate vision into reality.”
“People don’t buy what you do, they buy why you do it.”
“Vulnerability is the core of all emotions and feelings. It’s the glue that holds relationships together.”
“The true test of leadership is how well you function in a crisis.”
“The most dangerous words in business are, ‘We’ve always done it this way’.”
“Leadership is not about being in charge. It’s about taking care of those in your charge.”
- Beware of the fine print @ AskWoody
- Amazon officially becomes a health care provider after closing purchase of One Medical | Engadget
- How to Write an Essay or Article in Just 10 Minutes – Careers
- Then, when you’re ready to write your essay, use the tricks below. They will help you to finish your work in just 10 minutes:
Pick a general topic that interests you and brainstorm any ideas related to it. For example, your topic could be about your favorite books, or movies, or anything else.
Take a break for five minutes and drink some water.
After the break, list all your ideas on paper.
Choose the idea that suits best for the essay or article you need to write.
Organize your thoughts so they are easy to read and clear.
Write the introduction for your essay first.
Write down all the points with examples as well.
- FBI says it has 'contained' a cybersecurity incident on its network | Engadget
- CyBOK – The Cyber Security Body of Knowledge
- Azure Active Directory – Security Overview | Marius Sandbu
- Managing Multiple Python Installs and Packages with Pyenv and Pipenv | HumairAhmed.com
- New – Deployment Pipelines Reference Architecture and Reference Implementations | AWS News Blog
- How to use terraform to quickly deploy a decent Azure network - Cloud for the win!
- What If the way for fighting ransomware was to backup directly to Object storage with immutability On-Prem? - ESX Virtualization
- Fedora now has frame pointers | Richard WM Jones
- Sysadmin Stories: Five Reasons to Monitor Your Infrastructure with Veeam ONE
- 1. Backup repository connection failure
2. Backup job state
3. Suspicious incremental backup size
4. Job disabled
5. Immutability state
- SNMP explained | Electric Monk
- Malware Detection in Container Images - VMware Security Blog - VMware
- Google Fi warns customers that their data has been compromised | Engadget
- GitHub - romantomjak/packer-proxmox-template: Packer configuration for creating Debian 11 virtual machine templates for Proxmox VE
- The Internet Archive's Calculator Drawer lets you relive high school math class | Engadget
- Precision audio ripping with abcde – 0x 0f5f 912c
- Ender3 Ikea Lack Table Printer Enclosure – CubicleNate's Techpad
- Wearable ultrasound patch could offer real-time heart scans on the go | Engadget
- Additional GoTo Data Stolen in the LastPass Breach - TidBITS
- FDA clears Wandercraft's exoskeleton for stroke patient rehab | Engadget
- DSHR's Blog: Internet Archive Storage
- DSHR's Blog: Optical Media Durability Update
- FAA Outage: System Downtime Puts an Entire Industry on Hold | APMdigest - Application Performance Management
- Manage Your Project Deadlines. A good deadline keeps your customers… | by Ben Cotton | The Pragmatic Programmers | Dec, 2022 | Medium
- Project deadlines should fall somewhere between two points: the earliest it could be done if everything goes well and the latest it can be done and still be useful.
- Bulk Creating Users For Your Test Network | PeteNetLive
- Tools for writing simpler English | Nelson's log
- UPS battery replacements by size | Nelson's log
- Red flags · Major Hayden
- Automatic container updates with watchtower · Major Hayden
- Requirements for Cyber Insurance are Changing…Fast! - VMware Security Blog - VMware
- . The following type of questions from insurers are becoming commonplace:
Have you implemented endpoint security tools (such as EDR) with behavioral detection and exploit mitigation capabilities?
Is there a team of analysts dedicated to monitoring the output of the EDR tool in place? Is that team internal or external?
What % of endpoints is EDR fully operationalized on?
Has the EDR solution been configured to actively “block” threats?
Has the EDR solution been adequately tuned in your environment to detect and prevent ransomware?
- Is the Portrait of J. Random Hacker Still Accurate? - LowEndBox
- Have You See the Internet Archive's Stolen Truck? - LowEndBox
- We Said Goodbye to These Technologies in 2022 - LowEndBox
- The iPod: No, not the old classic one with the wheel. The iPod Touch. Apple announced there will be no more. By now, the universe of old iPhones that people can use as iPods is so enormous that a dedicated iPod isn’t needed any more.
Blackberry OS: “As a reminder, the legacy services for BlackBerry 7.1 OS and earlier, BlackBerry 10 software, BlackBerry PlayBook OS 2.1 and earlier versions, will no longer be available after January 4, 2022”. So says the BlackBerry OS FAQ page. This OS goes back to 1999.
Google Stadia: Google’s cloud gaming offering never really gained steam (ha!) with users, folding after less than 3 years in operation.
Facebook Portal: Turns out consumers down want a Zuckerberg spy cam in their home. Who knew?
CentOS 8: CentOS moved to a, uh, streaming platform and CentOS 8 went EOL 12/31/2021.
Debian 9 (Stretch): End of long-term support was June 30.
- The FAA grounded all US flights because contractors mistakenly deleted files | Engadget
- Our Articles Are Written By Humans, Unlike ONE Site We Could Name. And We Do. - LowEndBox
- SuperMicro is a Shaky House of Cards? - LowEndBox
- Tailscale is Awesome! - Patshead.com Blog
- Fail2ban with Gitea – Stuff I'm Up To
- Pathfinding - Wahl Network
- Speed Up tar with pigz – Stuff I'm Up To
- Reduce Carbon FootPrint with the help of CO2 Scope software from EasyVirt - ESX Virtualization
- IAM is the Perimeter :: packetmischief.ca
- ESXi 7.x to 8.x upgrade scenarios - ESX Virtualization
- vim-cmd hostsvc/firmware/sync_config
vim-cmd hostsvc/firmware/backup_config
esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-8.0a-20842819-standard
- Terraform and vSphere – Part 4: More Compute Cluster Resources – Adventures in a Virtual World
- List of Special Parameters in Bash with Examples
- FAA grounds US flights following NOTAM computer outage
- Raspberry Pi's new 12-megapixel camera modules provide powered autofocus
- What are the best dimensions for a Desk PC? – DIY Desk PC
- Mobile Verification Toolkit
- Searching for Susy Thunder
- GitHub - PlankCipher/kabmat: TUI program for managing kanban boards with vim-like keybindings
- GitHub - MycroftAI/mimic3: A fast local neural text to speech engine for Mycroft
- GitHub - StamusNetworks/suricata-4-analysts: The Security Analyst’s Guide to Suricata
- Monica: An Open-Source App for Personal Relationship Management
- How to Backup and Restore Linux Commands History
- Cleaning up Docker space · Igor Moiseev
- A Career in Linux is What You Should Be Pursuing In 2023
- Security measures to protect Kubernetes workloads - Help Net Security
- CI Fuzz CLI: Open-source tool to test Java apps for unexpected behaviors - Help Net Security
- A change in Oracle 12.2 and 19c with MV Refresh Stats Collection
- Data Pump Bundle Patches: You may need to download again
- Apply the Data Pump Bundle Patch - non-rolling but online?
- Testing Your Weakest Links as a Chain | The Networking Nerd
- Managing infrastructure with Terraform, CDKTF, and NixOS
- How to Remove Hidden/Ghost Network Adapters in Windows? | Windows OS Hub
- set devmgr_show_nonpresent_devices=1
- Chris's Wiki :: blog/linux/SystemdCgroupsHierarchies
- Thousands unpatched Citrix servers vulnerable via critical vulnerabilities | Born's Tech and Windows World
- Is an Exchange ProxyNotShell disaster looming at the corner? | Born's Tech and Windows World
- Real Time Speech to Text from Radio Speech via DragonOS, SDR4Space, Mosquitto and WhisperCPP
- TikTok will be banned on most US federal government devices | Engadget
- voidtools
- Can you run your test suite successfully 1000 times in a row?
- Book Review: Secure by Design – Adventures in the programming jungle
- USENIX Security '22 - Bailey Kacsmar, Kyle Tilbury, Miti Mazmudar, Florian Kerschbaum ‘Caring About Sharing: User Perceptions Of Multiparty Data Sharing’ - Security Boulevard
- Flipper Zero Hacker Tool Gets UI Editor For Custom Apps | Hackaday
- All About USB-C: Introduction For Hackers | Hackaday
- Hardware Store Chemicals Transform Sheets Into Waterproof Tarps | Hackaday
- Board-DB: The Single Board Computer Database - Board-DB
- Power Over Ethernet, Explained | Hackaday
- How Compliance Automation Can Turn Your Risk Register into a Valuable Business Tool - Security Boulevard
- Insurance and Regulations May Be the Biggest Security Drivers of 2023 | Lookout - Security Boulevard
- vCenter CPU Usage reaches 3000 % in VIMTOP | Techbrainblog
- How to check the DNS server IP being used (Ubuntu 18.04+) – ServerAdminBlog
- Linked - The Perks of a High-Documentation, Low-Meeting Work Culture
- All About USB-C: Cable Types | Hackaday
- Getting started with OpenTelemetry for Python - DEV Community 👩💻👨💻
- A Roadmap to Zero Trust Architecture
- Users
Establish a corporate identity
Enforce MFA for all applications
Endpoints and Devices
Implement MDM/UEM to control corporate devices
Implement endpoint protection
Inventory all corporate devices, APIs and services
Internet Traffic
Block DNS requests to known threats
Block threats behind SSL/TLS
Networks
Segment user network access
Use Internet backbones for branch to branch connectivity
Close all inbound ports open to the Internet for application delivery
Applications
Monitor inbound emails and filter out phishing attempts
Inventory all corporate applications
Zero Trust policy enforcement for Applications
Publicly addressable
Privately addressable
SaaS applications
Non-browser apps (SSH, RDP, SMB, thick clients)
Protect applications from Layer 7 attacks (DDoS, injection, bots, etc)
Enforce HTTPS and DNSsec
Data Loss Prevention and Logging
Establish a process to log and review traffic on sensitive applications
Define what data is sensitive and where it exists
Stop sensitive data from leaving your applications (e.g. PII, CCNs, SSNs, etc)
Identify misconfigurations and publicly shared data in SaaS tools
Establish a SOC for log review, policy updates and mitigation
Stay up to date on known threat actors
Steady State
Employ a DevOps approach to ensure policy enforcement for all new resources
Implement auto-scaling for on-ramp resources
- Recap of AWS re:Invent 2022: An Honest Review | Resmo
- 25+ Vulnerable Websites To Practice Your Hacking Skills
- writing one sentence per line | Derek Sivers
- Learn the Many Ways in PowerShell to Get The Windows Version
- Get-ComputerInfo | Select-Object WindowsProductName, WindowsVersion, OsHardwareAbstractionLayerVersion
- 100 Rules To Live By - Dru Riley
- Digital Journalism Style Guide of Inclusive Language | Language Please
- Visualize Value
- What's That Charge?! Identify those mysterious charges on your credit card statement
- Animated Knots by Grog | Learn how to tie knots with step-by-step animation
- Find UUID of Storage Devices in Linux
- blkid
- Doc Searls Weblog · When Clouds Crash
- Watch Duty: California Wildfire Watch Driven by RTL-SDRs
- DEF CON 30 RF Talks: Biohacking, Designing Antennas, Tracking Military Ghost Helicopters and More
- Discover Managed Data Visualizations With AWS Grafana
- PowerCLI to check for Python Exploit in VMware - Notes of a scripter
- A Terraform Learning Plan - buildVirtual
- Chris's Wiki :: blog/web/CurlTestingAlternateServer
- Chris's Wiki :: blog/sysadmin/GroundUpRecoveryPlanThinking
- Installing a Windows Domain Certificate in Apache Tomcat – Michael Ellerbeck
- Should you go to law school in the US to have a high-impact career? - Career review
- Swift, Shells In The 1960s, And Some Swift Scripting Examples For Admins - krypted
- The reason Ken Thompson wrote the Thompson Shell (/bin/sh) when he and the team at Bell Labs developed Unix was that they didn’t want to have to teach programming to people in the patent office, who funded the PDP they used to write Unix.
- The Distributed Computing Manifesto | All Things Distributed
- Amazon's Distributed Computing Manifesto - Marc's Blog
- Perhaps the most interesting part of the manifesto for me is the description of the cultural change that needs to go along with the change in architecture.
- Find windows OS version from command line
- Friday Fun: PowerShell Scripting with ChatGPT • The Lonely Administrator
- Think of the AI as a muse for inspiration.
- Blocking control-mousewheel in browsers | Nelson's log
- That's a Gorgeous Benchmark! - LowEndBox
- Transparent encryption of node to node traffic on Amazon EKS using WireGuard and Cilium | Containers
- How to Make a Late Software Project Later: RIP, Fred Brooks (1931-2022) - LowEndBox
- US Government Releases Blueprint for an AI Bill of Rights - LowEndBox
- The blueprint calls out five principles.
Safe and effective systems: you should be protected against people unwilling to or incapable of protecting you.
Algorithmic discrimination protections: I’m sure programmers will enjoy the recommended “proactive equity assessments”.
Data privacy: What you’d expect.
Notice and explanation: The description of this is…interesting.
You should know how and why an outcome impacting you was determined by an automated system, including when the automated system is not the sole input determining the outcome. Automated systems should provide explanations that are technically valid, meaningful and useful to you and to any operators or others who need to understand the system, and calibrated to the level of risk based on the context. Reporting that includes summary information about these automated systems in plain language and assessments of the clarity and quality of the notice and explanations should be made public whenever possible.
Human alternatives, consideration, and fallback: You should be able to get ahold of someone to fix problems if automated systems can’t.
- Ransomware attack responsible for Rackspace Exchange instance outage in Dec. 2022 | Born's Tech and Windows World
- Delivering True Storage-as-a-Service - Architecting IT
- Firmware update fixes Jabra (e.g. Engage 75) headsets issues with MS Teams (Dec. 15, 2022) | Born's Tech and Windows World
- Google, Apple and Mozilla team up to build a better browser benchmark | Engadget
- A Basic(ish) Active Directory Look-Up Script - tommymaynard.com
- Too Much Information Running Through My Brain | This is Hyper-Disaggregated
- How to Enable SSH on All ESXi Hosts using PowerCLI - buildVirtual
- ESXi Advanced & Kernel Settings Reference
- Henry Ford's Balanced Approach to Cybersecurity
- AWS Fault Injection Simulator Cross Account Experiments via AWS StepFunctions – Laurent Domb
- ChatGPT and Creating For Yourself | The Networking Nerd
- Creating a modifiable gzipped disk image | Richard WM Jones
- Sysadmin Stories: What I've Learned From Using Instant Clones in vSphere
- Memory Deduplication on ESXi with Transparent Page Sharing - The Tech Journal
- Using Code Capture to decipher VMware APIs -
- Building Confidence Through Chaos Engineering on AWS – Laurent Domb
- Hitting the Books: AI is already reshaping air travel, will airports themselves be next? | Engadget
- History of the Internet - RoseHosting
- How to Disable or Enable IPv6 in RHEL, Rocky & AlmaLinux
- GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX ipv6.disable=1"
- Private-Sector Cyber Defense in Armed Conflict - Lawfare
- Kubernetes etcd backup and restore - cheat sheet -
- Performance Analysis Using PCP
- How to Do a UDP Ping in Linux
- sudo nmap -sU -p 161 itsfoss.com
netcat -v -u -z itsfoss.com 161
- 10 Best Open Source Bots for Your Discord Server
- How to enable timestamp in history command
- $ vi ~/.bashrc
-----------
export HISTTIMEFORMAT="%F %T "
----------
- Conferenceware – Bruce Elgort
- Conferenceware
A demonstration of software or hardware specifically meant to work only at a trade show or conference and nowhere else.
- ChatGPT: An AI That Can Build Human-Like Conversations
- Firewalld in Examples: A Complete Beginner’s Guide
- Security flaw in Florida tax website exposed filers' sensitive data | Engadget
- AWS Security. A compilation of stories written about… | by Teri Radichel | Cloud Security | Nov, 2022 | Medium
- Amazon Inspector Now Scans AWS Lambda Functions for Vulnerabilities | AWS News Blog
- AWS Wickr – A Secure, End-to-End Encrypted Communication Service For Enterprises With Auditing And Regulatory Requirements | AWS News Blog
- 7 Important Estate Planning Documents To Put Your Affairs In Order | Penniless Parenting
- Dealing with loss is tough, and you’ve probably lived long enough to experience the death of a loved one, so you probably know how difficult it is to navigate life while grieving. You can write down your funeral wishes to ensure that your surviving relatives don’t have to deal with the burden of planning a funeral while mourning your death. The most important reason you must write down your wishes is to avoid conflict in your family. With your funeral plans in writing, no one can contest each other, and they would have to follow your instructions. A funeral plan should cover topics like how you would like to be sent off, whether a traditional burial or cremation. It should also include the type of ceremony you want, the time, a
- Do Employers Have to Tell You They Are Monitoring Your Computer? - FindLaw
- Cumulative vs. Cyclical Knowledge · Collab Fund
- (SM) Support Tip: How to simple test JGroups in Service Manager - Service Manager User Discussions - SMA-Service Manager Suite
- Windows Incident Response: RegRipper Value Proposition
- The Familiar Story of Stockholm Banco: Creating New Currency in 1661 — My Money Blog
- The bank collapsed after only six years. During the cleanup, audits revealed tons of missing money. Palmstruch was sentenced first to execution (later reduced to jail), and died only a year after his eventual release.
- Maryland Couple Indicted For Illegal Disclosure of American Health Information to Russia - Lawfare
- How To Securely Transfer Files With SCP In Linux - OSTechNix
- KDE Ltinerary: An Amazing Travel Assistant That Cares about Your Privacy
- dbi Blog
- A Retrospective Post-Quantum Policy Problem - Lawfare
- Oracle Data Pump and Compression – Also Without a License – Databases Are Fun
- GoDaddy Sucks - and Here's Why - FOSS Force
- Installing Oracle Database 19c and All the Things to Put on Top – Databases Are Fun
- Kubernetes CheatSheet – Devops Tutorials
- Troubleshooting Kubernetes – Devops Tutorials
- Ansible Tutorial Complete – Devops Tutorials
- Terraform Tutorial – Devops Tutorials
- Terraform best used for Infrastructure provisioning.
Ansible best used for Application provisioning.
- Kubernetes Security – Devops Tutorials
- Patching all my environments with the October 2022 Bundle
- Real World Experience, AI Reliable Screening for Abnormal in Chest X-Rays | Rady's Inspirations
- Though this article provides the effectiveness of AI in, but there is more towards it, the role of a Radiology Workflow (RIS) and deconstructed PACS is very critical for results like these in real world scenario.
Routing images from the Modality to a central Server
Quickly decide which AI Model to be used (Dicom Tags / Clinical Data)
Forward the studies to the Specific AI Gateway
Wait for the results, once AI results received,
Based on Diagnosis, draft a report and forward to a Radiologist.
- Microsoft confirms Kerberos authentication issues after Nov. 2022 updates | Born's Tech and Windows World
- 7 Things I Wish Law School Taught About eDiscovery
- 1) That eDiscovery Exist
2) That eDiscovery Can Make or Break a Case
3) The Risks of Bumbling eDiscovery
4) Where to Find New Types of ESI
5) The eDiscovery Tools of the Trade
6) Strategic eDiscovery
7) Ethical Duty of Technical Competence
- Disaster Planning: It’s Not Just for Hurricanes - Legal Talk Network
- How to Upgrade from ESXi 7 to 8 – Al Rasheed – A personal Blog about IT related subjects.
- Great Product Managers – Perspectives
- Using KeyOxide · The Odd Bit
- DIY USB Charging The Right Way | Hackaday
- Exadata Database Machine Default Passwords – Talip Hakan Ozturk's ORACLE BLOG
- How to Perform a Free Ubuntu Vulnerability Scan with OpenSCAP and Canonical’s Official OVAL Content | Alexander V. Leonov
- The Art of Calculating the Cost of Risk
- Illusive's Identity Threat Detection and Response (ITDR) Solution Protects Privileged Accounts
- ITDR
- Mark J. Wielaard » Blog Archive » Valgrind 3.20.0
- 11 Fun Linux Command-Line Programs You Should Try When Bored
- Setting up a 'PXE Network Boot Server' for Multiple Linux Distribution Installations in RHEL/CentOS 7
- Linux sdiff Command Tutorial for Beginners (8 Examples)
- What is better then diff? sdiff. :)
- How To Apply The 7 Zero Trust Pillars To Your Network (+ FREE Guide)
-
Pillar 1: All data sources and computing services are considered resources
Pillar 2: All communication is secured regardless of network location
Pillar 3: Access to individual enterprise resources is granted on a per-session basis
Pillar 4: Access to resources is determined by dynamic policy
Pillar 5: The enterprise monitors and measures the integrity and security posture of all owned and associated assets
Pillar 6: All resource authentication and authorization are dynamic and strictly enforced before access is allowed
Pillar 7: The enterprise collects as much information as possible about the current state of assets, network infrastructure, and communications and uses it to improve its security posture
- Why it's time to review your Microsoft patch management options | CSO Online
- Basic but Powerful – CISA’S Cybersecurity Performance Goals - Security Boulevard
- 6 Kubernetes Cost Control Strategies You Need in Place for 2023 - Security Boulevard
- 1. Workload cost allocation
2. Kubernetes cost optimization
3. Right-sizing advice
4. Kubernetes cost showback
5. Multi-cluster cost and usage
6. Cloud billing integration
- Use Cloud Securely? What Does This Even Mean?! - Security Boulevard
- REMnux: The Linux Toolkit for Reverse Engineering and Malware Analysis | eSecurityPlanet
- 12 Useful 'sed' Commands In Linux | LinuxTeck
- joeware – never stop exploring… :) » Blog Archive » TLS 1.3 for LDAPS on Windows Server 2022
- joeware – never stop exploring… :) » Blog Archive » Active Directory… 18 Years Old… But Do Your App Vendors and Developers Even Know How To Use It Properly?
- The Securing Open Source Software Act Is Good, but Whatever Happened to Legal Liability? - Lawfare
- Cybersecurity Regulation: It’s Not ‘Performance-Based’ If Outcomes Can’t Be Measured - Lawfare
- Harvey Mudd College Learn SDR Course with RTL-SDR, PlutoSDR and GNU Radio on YouTube
- Cybersecurity Certifications: To renew or not renew — that is the question | by Teri Radichel | Cloud Security | Medium
- Teri Radichel
- how to convert all text in text file to lower case | Jamal Ahmed's page
- ggVGu
- RP2040 firmware converts Raspberry Pi Pico into a an I2C to USB bridge - CNX Software
- Chris's Wiki :: blog/linux/ZFSNoSnapshotOddError
- NextCloud OCC on Kubernetes – ZenCoffee Blog – random notes, guides, and thoughts…
- An In-Depth Getting Started Guide To Remote PowerShell
- 3 Tips for Flexible, Adaptive Incident Management | APMdigest - Application Performance Management
- 1. Where You Manage Incidents Matters
2. Never forget "Communication is key"
3. Treat incidents as opportunities
- Simple PostgreSQL Backup Agent – UseIT | Roman Levchenko
- My Struggles with Physical Wellness - Wahl Network
- Continuity is Not Recovery | The Networking Nerd
- Incentivizing High-Performing Cybersecurity Programs in the Banking Sector - Lawfare
- Cyber Insurance and Cybersecurity Policy: An Interconnected History - Lawfare
- Quantifying Cyber Conflict: Introducing the European Repository on Cyber Incidents - Lawfare
- Chris's Wiki :: blog/sysadmin/SwapfileAndBackupsIssue
- Introducing AWS Resource Explorer – Quickly Find Resources in Your AWS Account | AWS News Blog
- Ansible: Collection | panticz.de
- Getting Scans From 18.171.7.246 and 35.177.10.231? It's the UK Government - LowEndBox
- Review of the GLiNet AX1800 Flint Router - Daniel Lautenbacher
- vCenter 8 upgrade and vami_config_net » boche.net – VMware vEvangelist
- IIS Crypto 3.3 released | Born's Tech and Windows World
- However, this can be done conveniently via a GUI as shown above. Moreover, the tool allows you to rearrange the SSL/TLS cipher suites offered by IIS, change advanced settings, implement best practices with a single click, create custom templates and thus test websites.
- IT tools to support Windows 10 version 22H2 | Born's Tech and Windows World
- Security baseline for Windows 10, version 22H2 – download the Microsoft Security Compliance Toolkit the to access Microsoft recommended security configuration baselines.
Windows 10 Enterprise Evaluation –a free 90-day evaluation of Windows 10, version 22H2
Administrative templates (.admx) for Windows 10, version 22H2 are natively accessible from the C:\Windows\PolicyDefinitions\ folder in Windows. These files and the Group Policy Settings Reference Table can also be downloaded from the Microsoft Download Center:
ADMX for Windows 10, version 22H2
Group Policy settings reference spreadsheet for Windows 10, version 22H2
The Remote Server Administration Tools (RSAT) for Windows 10 are included in the operating system as a set of "Features on Demand". More tools are mentioned in the Techcommunity article as updated.
- Is Your Organization "Well-being Washing"?
- Good employers will find ways to improve the lives of their workers in ways that create a positive relationship and engagement. Bad employers will do the bare minimum. When they struggle with retention and attracting talent they will roll out programs and do what they need to do. At the first sign of an economic downturn or a looser labor market, they will forget all about that and do very little to take care of their employees.
- What Security Professionals Need to Know About Data Privacy - Red Clover Advisors
- This oversight resulted in new definitions for data security and data privacy. Here’s a highly simplified breakdown:
Data security is concerned with securing data against bad actors, exposure, and threats.
Data privacy is about how and why you’re collecting data, what you’re doing with it, who you're sharing it with, and how long you’re storing it. At its core, data privacy is about responsible data governance.
- James Webb Space Telescope captures a spooky view of the Pillars of Creation | Engadget
- Best Free and Open Source Alternatives to Microsoft Whiteboard - LinuxLinks
- 1. OpenBoard
2. Excalidraw
- IBM upgrades Linux mainframe, boosting availability and AI performance | VentureBeat
- vnStat - Monitor Network Bandwidth In Linux and BSD - OSTechNix
- Tricking our brains into passing that Technical Certification - mwpreston dot net
- Collectl: An Advanced Linux Performance Reporting Tool
- Collectl
- A quick look at S3 Object Lock - mwpreston dot net
- Identify VMs that have VMware Tools with the OpenSSL v3 vulnerability - ivobeerens.nl
- 1
$vcserver = 'the FQDN of the vCenter Serbver name'
2
Connect-VIServer $vcserver
3
Get-VM | Where-Object {$_.Guest.ToolsVersion -ge '12.0.0'} | Select -property Name,PowerState,@{Name='Toolsversion';Expression={$_.Guest.Toolsversion}} | Sort Toolsversion
4
Disconnect-VIServer * -Confirm:$false
- Endpoint Protection is Key When it Comes to Cyber Insurance - VMware Security Blog - VMware
- ESXi-Targeting Ransomware: Tactics and Techniques (Part 2) - VMware Security Blog - VMware
- Terraform and vSphere – Part 2: DSC – Adventures in a Virtual World
- Cilium CNCF Graduation Application
- How to Transcode FLAC Files With flac2all in Linux - Make Tech Easier
- How to Install AWS CLI on Linux Step-by-Step
- How to Install OpenProject on Ubuntu 22.04 - RoseHosting
- Silent ORA-918 behavior change in RU 19.17.0 and newer
- Patching News: RURs are gone - long live MRPs
- Intel uses AutoUpgrade to upgrade from Oracle 11.2.0.4 to 19c
- Why you simply can't upgrade from Oracle 11g or 12c to Oracle 23c
- How to speed up datapatch - and much more information
- Binary patching is slow because of the inventory
- Three Choices for Data Mobility - Architecting IT
- We see three options for maintaining data mobility, whether to optimise usage or to place data next to wherever compute will be run.
Build an abstraction layer. In this instance, a distributed file system or object store provides access to data across many locations and with either eventual or strong consistency. Strong consistency is generally preferred but comes at the cost of additional complexity and performance challenges.
Implement efficient migrations. Move entire data sets between physical storage resources using tools that can execute the copy process in the background and minimise downtime. Migration solutions can also be used to copy data, as long as strict controls on distribution are maintained.
Move data tactically. Perform individual file migrations, leaving a pointer behind (stubs or links) to track the new physical location of the data.
- Site Reliability Engineering (SRE) is the Force Multiplier of Digital Experiences | APMdigest - Application Performance Management
- Enabling WiFi Fast Transition Between Access Points with OpenWRT - Patshead.com Blog
- Why you can't stay on Oracle Database 11g forever
- How to speed up your database and GI patching
- Can I cleanup the previous Patch Bundles with opatch?
- package-cleanup --oldkernels --count=1
- How to get access to download older Oracle versions?
- High severity vulnerabilities found in Harbor open-source artifact registry - Help Net Security
- The Difference Between Su, Sudo Su, Sudo -i, and Sudo -s - TREND OCEANS
- Ansible Register Variable - OSTechNix
- GitHub - bartobri/no-more-secrets: A command line tool that recreates the famous data decryption effect seen in the 1992 movie Sneakers.
- Fixing Battery Drain in Kwikset Locks – Scott Gruby's Blog
- Learning VMware PowerCLI For The Absolute Beginner
- 5 Most Used Touch Commands in Linux With Examples | LinuxHostSupport
- 1. Create a File
2. Change only the access time
3. Use the timestamp of another file
4. Create a file with a specific timestamp
5. Creating Multiple files
- How to Install Apache Guacamole as Docker Container on Ubuntu
- Run Linux Servers Without Reboots Using Kernel Live Patching Tools - OSTechNix
- Installing macOS 13 Ventura on Proxmox 7.2 – Nicholas Sherlock
- Constellation: Open-source, runtime-encrypted Kubernetes - Help Net Security
- Security+ Keep your cert up to date... for Free | UNCOMN
- CISA releases RedEye open-source analytic tool - Help Net Security
- Linked - Remote workers are feeling pressure to prove their productivity
- Are your company's cybersecurity protocols doing more harm than good? | Employee Benefit News
- Linked - Fired admin cripples former employer's network using old credentials
- Dawani’s Law | Seth's Blog
- “The number of people who say that Moore’s Law can’t continue doubles every 24 months.”
- Linked - How Learning And Development Can Quell Quiet Quitting
- Linked - More U.S. companies charging employees for job training if they quit
- Cisco Full Interface Configuration Compliance Checking With Ansible | Greg Sowell Saves The World
- HCL Domino and Security
- Sysinternals released Zoomit 6.1 | Born's Tech and Windows World
- Microsoft back ports brute force protection of administrator accounts for Windows | Born's Tech and Windows World
- Windows 11 strengthens SMB traffic protection | Born's Tech and Windows World
- The Best Answers to the Most Common Oracle on Azure Questions
- AntiVirus for my Database Server? – Part 2 | Late Night Oracle Blog
- Writing a zero findings pentest report – DiabloHorn
- Firewall analysis: A portable graph based approach – DiabloHorn
- Domain Controller Monitoring: Why, What, How? - The things that are better left unspoken
- The Emerging Cyber Threat to the American Rail Industry - Lawfare
- Customizing Taskbar and Start in Windows 11 22h2 with PowerShell - CCMEXEC.COM - Enterprise Mobility
- Sustainability in IT - Architecting IT
- Is the Public Cloud Becoming More Reliable? - Architecting IT
- A WPF Countdown Timer • The Lonely Administrator
- Update PowerShell To the Latest Version | PeteNetLive
- Invoke-Expression "& { $(Invoke-Restmethod https://aka.ms/Install-PowerShell.ps1) } -UseMSI"
- Terence Luk: Troubleshooting traffic blocked by Azure Front Door WAF Policy in Prevention mode
- How to Find Duplicate Files Using PowerShell? | Windows OS Hub
- How to Manage Windows File Shares Using PowerShell? | Windows OS Hub
- Background incentives of build instead of buy - SysAdmin1138 Explains
- It turns out these 1000 - 9999 engineer companies are where another dynamic emerges to push the decision needle towards build before it's a really great idea to do that: the speed of adding headcount versus the speed of paying a vendor.
That's the nice thing about headcount: you can use it for more than what you initially bought it for, something a vendor solution rarely provides.
- Hierarchy and the workplace - SysAdmin1138 Explains
- Datastore with NFS4 slowness issue and Netapp\VMware findings. | Techbrainblog
- MicroSD card speeds simplified: V30 A2 | Nelson's log
- OpenWRT, Two GL.Inet Routers, and Tailscale: Successes and Failures - Patshead.com Blog
- Give Your Tail a Nudge - Marc's Blog
- FRnOG #36: Akvorado
- Akvorado
- Supporters Look to Make Oregon's Hospital Capacity Technology a National Tool | HealthLeaders Media
- White House Sets Sights on New Healthcare Cybersecurity Standards
- Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn – Krebs on Security
- Adopting FDA’s medical device cybersecurity draft to minimize security risks at healthcare organizations - Industrial Cyber
- Elon Musk reportedly wants to lay off most of Twitter's employees | Engadget
- Dutch court rules that being forced to keep a webcam on while working is illegal | Engadget
- Hitting the Books: The women who made ENIAC more than a weapon
- How Do I Pick a Guardian For My Children If I Die? - FindLaw
- Networked DVD Ripping with Raspberry Pi and iSCSI :: apalrd's adventures
- A simple solution for getting Automated Ripping Machine (ARM) to work in a Proxmox / LXC environment : homelab
- USB Simplifies Branding but Reintroduces Active Cables - TidBITS
- How to mount a Samba shared directory at boot - Linux Tutorials - Learn Linux Configuration
- Five SAP application security trends
- 1 -- Detection of Anomalies within the SAP Log-Stack
2 -- SAP Threat Modeling
3 -- SAP Can’t Exist Without Compliance Management
4 -- Application Security-as-a-Service Models
5 -- Aggregated Vulnerability Information Will Become a Must-Have
- Preventing USB Baiting |Baiting | EC-Council – Aware
- White glove service | Seth's Blog
- Windows 11 Inbox VMware drivers. | VMware
- Locking down Azure AD, a closer look at the value proposition | House of Windows Blog
- BRING YOUR OWN JOKE: Uber Has Many Openings in IT Security - LowEndBox
- Bloodhound – AD Attack Resilience Methodology | House of Windows Blog
- Chris's Wiki :: blog/solaris/ZFSZILSafeDirectWrites
- Encrypting Sensitive Data for Transit or Rest with PowerShell
- The OpenWRT Routers from GL.iNet Are Even Cooler Than I Thought! - Patshead.com Blog
- Ventoy
- How Much RAM Do You Need in 2022? - Patshead.com Blog
- How to set Windows Date and Time formats to the internationally recognized ISO 8601 standard – jasoncoltrin.com
- Doc Searls Weblog · Because We Still Have Net 1.0
- The salon will open with an interview of yours truly by Dr. Angie Raymond, Program Director of Data Management and Information Governance at the Ostrom Workshop, and Associate Professor of Business Law and Ethics in the Kelley School of Business (among too much else to list here), and quickly move forward into a discussion. Our purpose is to introduce and talk about these ideas:
That free customers are more valuable—to themselves, to businesses, and to the marketplace—than captive ones.
That the Internet’s original promises of personal empowerment, peer-to-peer communication, free and open markets, and other utopian ideals, can actually happen without surveillance, algorithmic nudging, and capture by giants, all of which have all become norms in these early years of our digital world.
That, since the admittedly utopian ambitions behind 1 and 2 require boiling oceans, it’s a good idea to try first proving them locally, in one community, guided by Ostrom’s principles for governing a commons. Which we are doing with a new project called the Byway.
- Problems with Overprovisioning VMs - ESX Virtualization
- “Overprovisioned/overprovisioning” has two meanings. The first and simplest is when a VM is given more resources than it should have. Too many vCPUs or too much RAM, generally speaking. On a host with few VMs and lots of capacity, overprovisioning a VM this way might not have a big impact, but on a host with many VMs, all in contention for its shared resources, overprovisioning can lead to serious performance problems across VMs. In either case, overprovisioning a VM is considered wasteful.
The second meaning for overprovisioning is the concept of giving the VMs on a host collectively more resources than the host has. This is very common with vCPU, somewhat less common with datastore space, and less common still with RAM.
- Stop Credential Stuffing Attacks with Cloudflare Bot Management | HumairAhmed.com
- Threat Report: Illuminating Volume Shadow Deletion - VMware Security Blog - VMware
- Three Categories of VSC Deletion Techniques
Use of native Windows binaries (Living Off the Land binaries or LOLbins)
Scripting which uses objects available in the language (WQL, PowerShell, VBS)
COM object interactions
- Emerging Trends Weekly-ish – September 22nd 2022 – Job Search Blues and the Beast Needs Skittles | This is Hyper-Disaggregated
- Rust training for FOSS programmers
- Estate Planning for the Single Parent - FindLaw
- Easy Chocolate Crinkle Cookies Recipe -- Dairy Free, With Oil | Penniless Parenting
- Steven Levitt's advice for making big life decisions — Quartz at Work
- “The data from my experiment suggests we would all be better off if we did more quitting,” Levitt said in a press release. “A good rule of thumb in decision making is, whenever you cannot decide what you should do, choose the action that represents a change, rather than continuing the status quo.”
- The Retire Early Home Page.
- PXE boot netboot.xyz on a Mikrotik router · 🤠 Major Hayden
- BMC Helix Achieves FedRAMP Certification | APMdigest - Application Performance Management
- Automated Kubernetes Deployment with Ansible – Virtual Elephant
- Automate a Daily Activity Log Audit Report for an Azure Subscription
- Stealing From Product Design
- 1. Look for unmet needs
2. Push the prototype
3. Become a design ethnographer
4. Leverage cross-functional teams
5. Determine where to get feedback
6. Release a Minimum Awesome Product
7. Don’t separate the product from the experience
- How to Create a AWS RDS Snapshot
- Why Everyone’s talking about Hybrid Cloud Trust - The things that are better left unspoken
- PowerShell – disk cleanup script | geekdudes
- How to Build a Hybrid Cloud Storage Strategy - Architecting IT
- How to Show Warning Message to SSH Unauthorized Users
- How to Obtain, Share, and Display Medical Images as Evidence in Court
- Create Jaw-Dropping Dashboards Using Grafana (on a Raspberry Pi!) - LowEndBox
- Using PowerShell Remoting Over SSH | Windows OS Hub
- New – Direct VPC Routing Between On-Premises Networks and AWS Outposts Rack | AWS News Blog
- AWS S3 for VMware SDDC Backups – Virtual Elephant
- Audit Events in Your Azure Subscription with PowerShell
- Facebook Accounts As Memorials - Proactively and Reactively - krypted
- The #1 rule | It's full of stars!
- A Picture Is Worth a Thousand Words | by Ben Cotton | The Pragmatic Programmers | Medium
- GPU or vGPU Passthrough with 16GB+ of video memory
- Protect your backups with Wasabi Immutable Storage Buckets - ESX Virtualization
- Histogram vs eCDF - Marc's Blog
- Histograms are a rightfully popular way to present data like latency, throughput, object size, and so on. Histograms avoid some of the difficulties of picking a summary statistic, or group of statistics, which is hard to do right. I think, though, that there's nearly always a better choice than histograms: the empirical cumulative distribution function (eCDF).
- Scrivano: Fascinating Whiteboard App For Handwritten Notes
- Scrivano
- Using a Raspberry Pi as a Bluetooth speaker with PipeWire
- Meowfetch - A Customizable Linux System Information Tool
- The ultimate guide to Kubernetes microservice deployments - Octopus Deploy
- Should Uncle Sam Worry About ‘Foreign’ Open-Source Software? Geographic Known Unknowns and Open-Source Software Security - Lawfare
- GitHub - d4rckh/vaf: Vaf is a cross-platform very advanced and fast web fuzzer written in nim
- GitHub - google/tsunami-security-scanner: Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
- GitHub - quay/clair: Vulnerability Static Analysis for Containers
- GitHub - aquasecurity/trivy: Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets
- vSphere 8 DR and ransomware recovery possibilities - ESX Virtualization
- Best Practices: How to Design a Database - ServerWatch
- 1. Determine your database goals
2. Keep it simple
3. Choose the right database type
4. Build transparent structures
5. Security by design
6. Keep compliance primary
7. Breakdown silos
8. Documentation is key
9. Optimize for speed
10. Use a separate server
- Top Challenges for Today's Network Engineers - RouterFreak
- A Lawfare Hacking and Cybersecurity Course - Lawfare
- Passings: Peter Eckersley, a Founder of Let's Encrypt, Dies at 43 - FOSS Force
- You Can Now License Windows Server on a Per-Virtual-Core Basis - LowEndBox
- Designing my life, part one: Building a compass
- Lead PlayStation architect Masayasu Ito is retiring after 36 years | Engadget
- Sonatype Nexus IQ in Azure DevOps - Illegal Reflective Access Operation
- Windows Server 2022 Second Domain Controller Install
- Merriam-Webster just yeeted a bunch of internet slang into the dictionary
- Speed up Ansible SSH with Multiplexing | Lisenet.com :: Linux | Security | Networking
- How to Download View-Only Teams Meeting Recording Video from SharePoint | Lisenet.com :: Linux | Security | Networking
- How To Manage Windows Server - Thomas Maurer
- Azure Arc
Windows Admin Center
System Center
Windows Server on Azure
- Learn Everything About PowerShell Start-Transcript
- Money Magic: 5 Levers To Boost Your Safe Retirement Income By $50k+ a Year — My Money Blog
- An open letter to a fresh cybersecurity hire | LinkedIn
- 1. Never say "that isn't my job".
2. Make friends throughout the company.
3. Ask for forgiveness a lot.
4. Live in a big world.
5. Be humble
6. Question everything.
7. It isn't China.
8. Never hoard.
9. Treat people as you want them to be.
10. Finally, just be nice.
- Balsamic Green Beans and Tofu Recipe -- Gluten Free, Vegan, Allergy Friendly | Penniless Parenting
- Scrumptious Restaurant Style Potato Wedges Recipe | Penniless Parenting
- Chris's Wiki :: blog/linux/SystemdFastTimersEarlyNotes
- How to Use the Internet Securely: A Guide for Seniors | Cyber.gov.au
- How to Get Started With Software-Defined Radio on Linux
- DIY Windows Provisioning – a Solution Example
- ffmpeg and hevc_qsv Intel Quick Sync settings | Nelson's log
- Use Arc Forum Or Anarki To Make Your Own Hacker News! - LowEndBox
- The Ransomware Task Force’s advice needs work @ AskWoody
- Susan Bradley
By Susan Bradley
A few weeks ago, the Ransomware Task Force (RTF) released the Blueprint for Ransomware Defense.
The RTF was created by the Institute for Security and Technology (IST) in April 2021 in response to the emerging national and economic security risk posed by ransomware.
Unfortunately, I find the advice and information contained in the Blueprint centered too much on large enterprises and not enough on the broader audience it was supposedly targeting. Unquestionably, outages and stolen data for large enterprises can have a huge effect on large groups of people, but the Small Business Administration points out that there are 32 million small businesses — and we all can agree they have fewer resources to fend off attacks.
From my perspective, something very big is missing: detection.
- Configure SysInternals EULA Acceptance • The Lonely Administrator
- #set global EULA acceptance for SysInternals tools
[CmdletBinding(SupportsShouldProcess)]
Param([switch]$Passthru)
$regPath = "HKCU:\Software\Sysinternals"
Set-ItemProperty -Path $regPath -Name "EulaAccepted" -Value 1 -Force
if ($Passthru) {
Get-ItemProperty -Path $regPath -Name EulaAccepted
}
- NFSv3 datastore is much faster than NFSv4 | Techbrainblog
- More On Installing And Configuring Certbun For Use With Apache - LowEndBox
- Will Microsoft provide ESU support for Windows 7/8.1 and Server beyond January 2023? | Born's Tech and Windows World
- Configure PowerShell Remoting (WinRM) for Non-Domain (Workgroup) Computers | Windows OS Hub
- Extending the Zero Trust Architecture Concept to APIs - VMware Security Blog - VMware
- Happy 10th Anniversary, Amazon S3 Glacier – A Decade of Cold Storage in the Cloud | AWS News Blog
- Preemption of State Cybersecurity Laws: It’s Complicated - Lawfare
- Fewer Ransomware Victims Pay, as Median Ransom Falls in Q2 2022
- How Small or Big is Off-Premises/Public Cloud, According to Gartner — EtherealMind
- How Big is Cloud
If you take Gartner’s numbers, what’s the percentage of global total IT spend is off-premises/public cloud :
500 Billion / 4400 Billion = 11.3% (best case)
- Make Sure You Juggle The Right Way in IT | The Networking Nerd
- The Tyranny of Technical Debt, Numerically | The Networking Nerd
- Practice Until You Can’t Get It Wrong | The Networking Nerd
- Twitter whistleblower to testify about company's 'widespread security failures' at Senate hearing | Engadget
- Designing your life
- How to Live on 24 Hours a Day: Published 100+ Years Ago, Still Practical Advice Today — My Money Blog
- Windows Event Logs for Red Teams - Black Hills Information Security
- What is Zero Trust? - VMware Security Blog - VMware
- Security update for HPE Integrated Lights-Out (iLO) | Born's Tech and Windows World
- Install Oh My Zsh on Ubuntu for a Next Level Command Line
- Using A Comic Book Style For Learning
- Raspberry Pi 3+ and Joy-IT 7" touchscreen on Debian 11 - Rule of Tech
- A week of playing with Wilco (trywilco.com) #trywilco – Michael Ellerbeck
- Getting Started With GitBook: How to Add Content Blocks
- Hitting the Books: How can privacy survive in a world that never forgets? | Engadget
- You understand that by providing any sample, having your Genetic Information processed, accessing your Genetic Information, or providing Self-Reported Information, you acquire no rights in any research or commercial products that may be developed by 23andMe or its collaborating partners. You specifically understand that you will not receive compensation for any research or commercial products that include or result from your Genetic Information or Self-Reported Information.
- Introduction - Nuclei - Community Powered Vulnerability Scanner
- Code Dark: Children’s Hospital Strives to Minimize Impact of Hacks - WSJ
- Chris's Wiki :: blog/linux/Ubuntu2204InstallerScrubDisks
- How Organizations are Evolving to Support Remote Work (Forever!) | APMdigest - Application Performance Management
- Dictionary : Face Mute — EtherealMind
- Useful SSH Cheat Sheet for Linux System Administrators
- $ [Enter], ~, .
- Authority and Responsibility | The Networking Nerd
- Authority is “power to influence or command thought, opinion, or behavior”. It means you have the ability to tell people what to do.
Responsibility is “the quality of being responsible,” where responsible means “liable to be called on to answer”. Responsibility is being the one to discuss what happens with the people under your charge.
- How to manage the intersection of Java, security and DevOps at a low complexity cost - Help Net Security
- Saying “Yes” the Right Way | The Networking Nerd
- New Linux Exploit 'Dirty Cred' Revealed at Black Hat | eSecurityPlanet
- Guide to Retirement | J.P. Morgan Asset Management
- The Biggest Benefits of Cloud Migration for Businesses – Business
- Speed
Cost Reduction
Scalability
Innovation
Stability
- The 3 Most Important Cloud Computing Success Factors – Business
- #1 Flexibility
In evaluationg your system, ask:
Does it enable your employees to work flexibly?
Can they access the service from anywhere in the world, anytime?
Or must they work only during certain times of the day?
#2 Reliability
Uptime with any cloud computing solution should be within 99.9% or higher to be worth the paper it’s printed on. Remember, even 99% is almost four days of downtime a year. When you put it like that, even 99.9% is too low
#3 Cost Efficiency
Cloud computing became a hit when small businesses could use the same caliber of computing infrastructure as the large enterprises without the cost of running it all themselves. There was no maintenance, no electricity costs, and no expensive kit sitting in a room gathering dust.
So if your cloud computing solutions are costing you the earth, you’re doing it wrong! Cost is arguably the most essential factor in this process.
The pandemic rushed many people into purchasing cloud solutions that maybe weren’t the right fit for them. Now that we’re out of the worst of the pandemic, the time has come to reassess your options. It’s time to ensure your cloud computing solutions provide for you, not the other way around.
- Chris's Wiki :: blog/web/GrafanaReverseProxyAndURLs
- Chris's Wiki :: blog/sysadmin/JqFormattingTextNotes
- Car safety: Kia Challenge and Hyundai Key found on the web | Born's Tech and Windows World
- Backup vendor guarantees - are they worth anything? - Architecting IT
- Five Benefits of a NetApp Hybrid Cloud Storage Strategy - Architecting IT
- NetApp offers cloud storage across all major public cloud providers, including FSx for NetApp ONTAP, a cloud-native storage solution on Amazon Web Services. In our discussion we examined five areas.
Technology – a look at how NetApp implements storage in the public cloud, including CVO and CVS.
Supply Chain Mitigation – how a hybrid strategy can smooth the ups and downs of supply chain challenges.
Business Alignment – aligning storage with the needs of the business, including production and developers.
Financial – controlling costs and managing operational expenditure with hybrid storage.
Innovation – using a hybrid model to drive innovation within the business.
- ESXi 7.x and beyond , SD cards & system storage layout | eknori.de
- ChinaTalk: CHIPS Act + The Future of Microelectronics - Lawfare
- Efficient Immutable Snapshots - Architecting IT
- How to Encrypt and Decrypt a Partition in Linux
- Incrementals Forever or Synthetic Fulls? - Architecting IT
- A Decade of Ever-Increasing Provisioned IOPS for Amazon EBS | AWS News Blog
- Grub, recordfail, 30 seconds | Nelson's log
- New Ubuntu 22.04 homelab server notes | Nelson's log
- MailChimp Security Breach. Yes, Again. - LowEndBox
- Windows: "Service host: Local system" runs with high CPU/disk load after boot since update | Born's Tech and Windows World
- vCenter Server Is Your Heart And Soul. Learn To Backup & Restore
- Vulnerability management metrics - The Silicon Underground
- How to read a Qualys scan report - The Silicon Underground
- Organizing Chaos with PSWorkItems and PowerShell • The Lonely Administrator
- Keeping Your Law Firm Safe in the Cloud: Internal Factors | CosmoLex
- Five Great Reads on Cyber, Data, and Legal Discovery for July 2022
- Networking for Lawyers Made Simple
- OP-ED: Cybersecurity training is key to cybersecurity resiliency - Marine Log
- creating live draw.io diagrams with grafana and FlowCharting – Michael Ellerbeck
- Minimal Container Images: Towards a More Secure Future
- Kubernetes 101 - Blog | luminousmen
- Installing Docker, and Docker-Compose, in WSL2/Ubuntu on Windows – Michael Ellerbeck
- Linked: Why Repeating Yourself Is a Good Thing
- ong ago, I learned the basics of doing a presentation, and one of the most important things was to tell people things three times. Start by telling people what you’re going to explain to them, explain it to them, and then tell them what you just explained to them.
When you put it that way, that seems repetitive, doesn’t it? It’s not. Most of the time, it takes three times for it to sink in.
- Researchers reveal Kubernetes security holes, prevention
- Back Up Encrypted ZFS Data Without Decrypting It, Even If TrueNAS Doesn’t Approve | Hackaday
- Portable Computer Pre-History: Portable Before Laptops
- Chris's Wiki :: blog/sysadmin/OurServerAges2022
- Managing Microsoft Teams with PowerShell | Windows OS Hub
- Introduction to Red Hat OpenShift Container Platform | Jan Egil Ring powershell.no
- Power BI guidance documentation | James Serra's Blog
- I, The Braggart – A Network Fable | Ethan Banks
- Configure SSL Connection Encryption in MS SQL Server | Windows OS Hub
- ESP32 board with rotary encoder gets 2-key keypad shield - CNX Software
- What Is Virtual Memory on Linux? How to Manage It
- How to Use Sar (System Activity Reporter) | Linux Journal
- Hitting the Books: What goes on at a summer camp for YouTube Gaming kidfluencers | Engadget
- Medical Debt Will Be Surgically Removed from Your Credit Score | The Motley Fool
- Research Paper: Securing Linux Containers · 🤠 Major Hayden
- SunFounder TS7-Pro Touch Screen Review: Building a Portable RTL-SDR Pi 4 System
- WiFi Grid RTL-SDR Radio Telescopes featured in SARA2022 Conference Talks
- WARNING: PikaPods are Addictive! - LowEndBox
- Randomizator Sunflower-CISSP.com
- How to Get a Part 107 License - Jeremy Morgan's Tech Blog
- ‘Ring Nation’ is what happens when America's Funniest Home Videos meets Black Mirror | Engadget
- Greenfields are a Myth - Wahl Network
- New – AWS Private 5G – Build Your Own Private Mobile Network | AWS News Blog
- Welcome to AWS Storage Day 2022 | AWS News Blog
- How I Migrated from MediaWiki to Notion :: packetmischief.ca
- SSH from RHEL 9 to RHEL 5 or RHEL 6 | Richard WM Jones
- Vdbench | Electric Monk
- VMware Explore 2022 US - The Security Mindset: Changing the Way You Think About Enterprise Security - VMware Security Blog - VMware
- We will delve into:
How changing the way you think about security can drastically change your own personal career journey
Examples and perspectives from people who have successfully transitioned to security from typical IT roles or other non-standard paths
A Day in the Life of a Cross-Functional Security War Room – where you’ll take a front row seat as a fictional company gets breached, and how a cross-functional infrastructure team pulls together to break down the anatomy of the attack in a search to analyze the impact and determine root cause.
- The 10 Sessions at VMware Explore 2022 You Can’t Miss - VMware Security Blog - VMware
- Extending Server Lifespans With Fungible DPU | This is Hyper-Disaggregated
- So these are all big issues on their own, but when combined, require organizations to modernize their infrastructure in order to keep up with the demands of modern applications and services. Couple this with supply chain challenges, and many organizations are searching for how they can increase the lifespan of their currently deployed server systems. Exactly to this point, Microsoft announced that they were increasing their server life cycle from 4 to 6 years for their cloud infrastructure. The move is expected to save Microsoft 3.7 Billion USD. Google announced they would increase their server lifecycle from 3 to 4 years, and Amazon Web Services stated that they would increase their own server infrastructure to 5 years. So we see the big 3 public cloud providers making big shifts to increase server lifespans, resulting in huge savings to their bottom line.
- SonarQube – Stuff I'm Up To
- Code quality and code security
https://www.sonarqube.org
I found this very useful in scanning my code and pointing out some basic quality and security improvements I could make. It helps you learn best practices and teaches you what not to do.
- Removing ANSI Colours from Log Output – Stuff I'm Up To
- docker-compose logs --no-color keycloak | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" > output.log
- Reboot issue MCE error on Dell PowerEdge R6525 running ESXi 7.0 Update 3c | Techbrainblog
- Display auditd messages with journalctl · 🤠 Major Hayden
- sudo journalctl -af _TRANSPORT=audit
- Ubuntu, ffmpeg, and Intel GPU acceleration | Nelson's log
- UEFI, ESP, secure boot, and GRUB | Nelson's log
- Takeaways from The Obesity Code · 🤠 Major Hayden
- Secure Tailscale networks with firewalld · 🤠 Major Hayden
- Time Warner Road Runner, Linux, and large IPv6 subnets · 🤠 Major Hayden
- Cybersecurity Becomes a Semiconductor Selling Point | The Motley Fool
- Persuasion engineering · 🤠 Major Hayden
- Rootless container management with docker-compose and podman · 🤠 Major Hayden
- Free resources for the stock market · 🤠 Major Hayden
- Options trading introduction · 🤠 Major Hayden
- The Dark Side: Selling Options · 🤠 Major Hayden
- The Wheel #
The strategy shown here is called the wheel strategy. It involves these steps:
Sell puts and collect premium
If unassigned, go back to step 1
If assigned, sell calls and collect premium
If unassigned, go back to step 3
If assigned, go back to step 1
- Defending losing options trades · 🤠 Major Hayden
- Lessons learned from selling puts · 🤠 Major Hayden
- Choosing options to sell · 🤠 Major Hayden
- Monitor a UPS with a Raspberry Pi Zero W · 🤠 Major Hayden
- Selling options made simpler · 🤠 Major Hayden
- Chasing Your Tail With a Raspberry Pi - Black Hat USA 2022 | Briefings Schedule
- GitHub - the-markup/vehicle-data-collection: This contains the data for our story "Who Is Collecting Data from Your Car?".
- Maxing Out the 401k Company Match: How Many Actually Do It? — My Money Blog
- The man who built his own ISP to avoid huge fees is expanding his service | Engadget
- AT&T is using amphibious vehicles, drones and more to restore its network during disasters | Engadget
- Setting up ARM manually (Ubuntu) · automatic-ripping-machine/automatic-ripping-machine Wiki · GitHub
- Build community engagement by serving up Lean Coffee | Opensource.com
- It’s never a DNS issue right?
- Hitting the Books: How much that insurance monitoring discount might really be costing you | Engadget
- While the motives for surveillance vary, digital technology supports all of them. One need not even buy telematics insurance. Modern cars have built-in internet connections, and — without it being made transparent inthe owner’s manual — most send their car manufacturer all the data they can collect every couple of minutes, including where the driver currently is, whether harsh braking occurred, how often the position of the driver seat was changed, which gas or battery-charging stations were visited, and how many CDs and DVDs were inserted. Moreover, as soon as you plug in your smartphone, the car may copy your personal information, including contacts’ addresses, emails, text messages, and even photos. Car manufacturers are remarkably silent about this activity, and when asked with whom they share this data, they typically do not reply. That information helps to find out many other things of interest, such as how often drivers visited McDonald’s, how healthily they live, and whom they occasionally visit at night. Connected cars can support justice and improve safety but also spy on you. Telematics insurance embodies the double face of digital technology: surveillance in exchange for convenience.
- Track your nutrition with this amazing free Android app: Energize
- Cyberespionage Group Targeting M&A, Corporate Transactions Personnel | SecurityWeek.Com
- "For their long-haul remote access, UNC3524 opted to deploy QUIETEXIT on opaque network appliances within the victim environment; think backdoors on SAN arrays, load balancers, and wireless access point controllers. These kinds of devices don’t support antivirus or endpoint detection and response tools (EDRs), subsequently leaving the underlying operating systems to vendors to manage," Mandiant added.
- Ansible Default Forks = 5
- Network Admin Stuff: Cisco Is Easy - Main
- Jinja2 HTML Templates For Reporting With Ansible Automation Platform The Easy Way | Greg Sowell Saves The World
- Config As Code With The Ansible Automation Platform Controller | Greg Sowell Saves The World
- Demystifying a (mysterious) Philips OQ0702P Double Balanced Mixer – Matt's Tech Pages
- Attackers Use Event Logs to Hide Malware | Threatpost
- Chris's Wiki :: blog/unix/HostLookupHistory
- Estimating indoor CO2 levels using tinyML and computer vision | Arduino Blog
- The transition to IPv6: Are we there yet? | APNIC Blog
- Developing your Security Program: Part 2 — Developing your Security Program | by CPF Coaching | Jul, 2022 | Medium
- Stage 1 — Strategic Framework
Stage 2 — Current State Analysis
Stage 3 — Future State Vision
Stage 4 — Strategic Roadmap
Stage 5 — Mobilization
Stage 6 — Implementation
- Developing your Security Program: Part 1 — Meeting the Stakeholders | by CPF Coaching | Medium
- Let’s start with dissecting a potential approach the CISO can use. Understanding the key stakeholders (people), the processes that drive and support the organization, and the technology needed to deliver that mission. Understanding the key stakeholders goes beyond just those responsible for the security program; it also includes those that a CISO will support to ensure that she can help enable the business mission. In collaborating with those stakeholders, she will understand the parts of the business mission they support, the current pain points each might have, and the critical technologies that unlay those processes that serve that group. Each group will potentially have risk tolerances and threats, which might be separate from the organization’s approach. Combining this information should give you a business unit’s view of the organization. Understanding the approach from the bottom up and then the top down will be next.
- Securing Containers With Zero-Trust Tools - Container Journal
- Zero-trust network access (ZTNA) is considered a basic building block of a zero-trust architecture. In the context of containers, ZTNA is a way to control and enforce secure access within and between container networks.
Organizations can use a zero-trust security model to ensure secure communication between containers and microservices. In a containerized environment, the zero-trust model has several key principles:
There is no implicit, mutual trust between containers. Instead, mandatory authentication is required to prevent cyberattackers from laterally moving from an infected container to another. Attackers should not be able to discover or easily connect to other containers in a cluster or network.
Code and infrastructure are hosted with local server certificates. Logs provide a record to help troubleshoot when a network security incident occurs.
Identity and access management (IAM) and other security policies identify users and service accounts and implement time-based, context-based and role-based controls to prevent intrusion by internal and external attackers.
ZTNA allows organizations to enforce secure communication between containers and microservices with flexible, centralized security policies that are not dependent on the container environment itself.
SASE allows organizations to embed security measures into the network fabric itself, ensuring that wherever containers run, they are inherently secure when they connect to the network.
- How do you add comments on UFW firewall rule? - nixCraft
- EncroPi - A Raspberry Pi RP2040 USB key to read, encrypt & store data (Crowdfunding) - CNX Software
- Install Malcolm Network Traffic Analysis Tool on Ubuntu 22.04 - kifarunix.com
- How a WAF Could Improve the Security of Your Linux Web Applications
- DDoS Attacks
SQL Injection Attacks
Cross-Site Scripting (XSS) Attacks
Cookie Poisoning
- Difference between Containerization and Orchestration: A Layman's Outlook
- Containerization
Containerization is the isolation of applications for deployment inside individual OS based environments inside virtual machines or physical servers, also referred to as nodes in general. An example of such a containerization tool is Docker.
Orchestration
Orchestration is the method of synchronizing multiple containers running on multiple nodes and also the nodes themselves. These nodes can be virtual machines or physical servers. An example of such an orchestration tool is Kubernetes.
- Linux Botnet Targets Weak SSH Server Credentials | Decipher
- US DoD funds Google and SkyWater to enable open-source chips • The Register
- The Fathers of Kubernetes: Where Are They Now? - Container Journal
- Joe Beda
Brendan Burns
Craig McLuckie
Kelsey Hightower
James Governor
Brian Behlendorf
The Future of K8s and Cloud-Native
Kubernetes has become an essential utility for enterprise software development—undoubtedly, it’s one of the best ways to manage large container clusters at scale.
- Solene'% : Solving a bad ARP behavior on a Linux router
- There is simple solution, but it was very complicated to find as it's not obvious.
- Books You Should Read: The Hardware Hacker’s Handbook | Hackaday
- The new normal for IT starts with open source
- Globally we saw nearly every industry go to 100% remote working overnight. Regardless of industry and size, organizations learned to operate virtually and on-demand. Companies needed to deliver goods and services to customers without a set brick-and-mortar footprint. We saw new tech hubs emerge in unlikely places because workers we no longer bound by needing to be based in specific cities. Newly-remote workers realized that they didn’t have to be tied to a physical office, and organizations focused on hiring new talent based on skill and not location.
These are not insignificant achievements, and while this way of working was unfamiliar to those who were forced to adapt during the pandemic, to the open source world, it was just another day.
- Oracle's Java Losing Out To Amazon's
- Notabase is your open-source reliable personal knowledge base
- How to Keep SSH Terminal Session Alive in Linux - TREND OCEANS
- Secure Boot Disabled? GNOME Will Soon Warn You About it! - It's FOSS News
- Using hosted image builder via its API
- How OpenSSF Scorecards can help to evaluate open-source software risks | CSO Online
- Migration to Containers, Microservices and Kubernetes - Container Journal
- Thwarting Ransomware Attacks in Kubernetes Environments - Container Journal
- Seeing the Dots, Connecting the Dots: How Government Can Unify Cybersecurity Efforts - Lawfare
- The Subversive Trilemma in Cyber Conflict and Beyond - Lawfare
- Doc Searls Weblog · The Empire Strikes On
- In between the Internet user and the advertiser, the Journal identified more than 100 middlemen—tracking companies, data brokers and advertising networks—competing to meet the growing demand for data on individual behavior and interests.The data on Ms. Hayes-Beaty’s film-watching habits, for instance, is being offered to advertisers on BlueKai Inc., one of the new data exchanges. “It is a sea change in the way the industry works,” says Omar Tawakol, CEO of BlueKai. “Advertisers want to buy access to people, not Web pages.” The Journal examined the 50 most popular U.S. websites, which account for about 40% of the Web pages viewed by Americans. (The Journal also tested its own site, WSJ.com.) It then analyzed the tracking files and programs these sites downloaded onto a test computer. As a group, the top 50 sites placed 3,180 tracking files in total on the Journal’s test computer. Nearly a third of these were innocuous, deployed to remember the password to a favorite site or tally most-popular articles. But over two-thirds—2,224—were installed by 131 companies, many of which are in the business of tracking Web users to create rich databases of consumer profiles that can be sold.
- System Administrator Job Description | ServerWatch
- How to Protect Your Linux System Against Log4Shell | Unixmen
- Transforming into next generation businesses: lessons from APAC service providers
- The metrics can be broadly separated into two categories:
Internal capabilities: domains that are fully determined by the service provider, for example, its 5G roll-out, implementation of telco cloud, changes in organization and operations, etc.
External capabilities: domains that are influenced by how service provider engage partners and customers, for example, new services in the edge computing and private networks space.
- 4 tips to help retain IT talent | The Enterprisers Project
- 1. Prioritize communication
2. Build trust through DevOps culture
3. Practice servant leadership
4. Mentor
- Two useful ways to easily run a single test using Jest
- The Other Road Ahead
- Brooks in Reverse
- SaaS removed the dependency hell companies often found themselves in – old versions that customers refused to upgrade from that still needed to be maintained (often with backward compatibility). The downside, he said, was that you still needed to manage servers and infrastructure.
Many of those concerns are no longer true. Hosting a static site on a cloud CDN requires nearly zero ops. Edge functions don't require a site reliability engineer to ensure the hardware and runtimes are up-to-date. Further down the stack, managed services don't require developers to keep an eye on them (well, not all the time). Observability tools allow engineers to be quickly reactive to problems – and sometimes even proactively prevent full outages. Web applications evolved to do more than solve the multiple versioning issues – new strategies emerged like A/B testing and rolling deployments.
- SwissArmyPi Converts your Raspberry Pi into a Strong Hacking Tool
- Docker and the OCI container ecosystem [LWN.net]
- The Chief Information Security Officer (CISO) Workshop - Security documentation | Microsoft Docs
- The power of non-monetary investments
- The Morning After: Uber receipts are crashing Microsoft Outlook | Engadget
- New Active Directory Integration features in Ubuntu 22.04 (part 2) – Group Policy Objects | Ubuntu
- Hitting the Books: How Moderna dialed-in its vaccine to fight COVID's variants | Engadget
- Understanding Linux Containers Before Changing the World | HackerNoon
- Why use Linux containers?
Let's look at some reasons why you should use Linux containers:
Resource management: They are more effective at managing resources than hypervisors are.
Pipeline Management: LXC keeps the consistency of the code pipeline as it progresses from development to testing and production, despite the differences between these environments.
Modularity: Applications can be split into modules rather than being housed in a single container as a whole. We refer to this as the microservices strategy. Management is now easier thanks to this, and several tools are available to handle management for complex use cases.
The landscape of tooling: Despite not being technically particular to containers, the ecosystem of orchestration, management, and debugging tools coexists well with containers. Kubernete, Sematext cloud, and Cloudify are a few examples.
They support continuous deployment and integration. Because of how they operate, you can effectively deploy your applications in various environments. It prevents redundancy in your codes and deployments.
Application Isolation: Without the need to restart the system or start the OS from scratch, containers package your apps with all the necessary dependencies. These apps can be set up in various environments, and updating them only requires changing the container image. A container image is a file that contains the code and configuration needed to create a container.
Linux Container is open-source. It provides a user-friendly, intuitive user experience through its various tools, languages, templates, and libraries. For these reasons, Linux containers are great for development and production environments. Even Docker's earlier versions were built right on top of it. You can find the source code here.
- How to check if Ansible collection is installed or not - nixCraft
- 3 reasons autonomy is more important than flexibility | The Enterprisers Project
- 3 benefits of an autonomous workstyle
1. Increased productivity
2. Better work/life balance
3. A feeling of empowerment and trust
- Attack on German companies through NPM packages - LinuxStoney
- A new portion of malicious NPM packages created for targeted attacks on the German companies Bertelsmann, Bosch, Stihl and DB Schenker have been uncovered. The attack uses the dependency mixing method, which manipulates the intersection of dependency names in public and internal repositories.
- Modernizing AWK, a 45-year old language, by adding CSV support
- An Ansible playbook for solving a new problem from scratch | Enable Sysadmin
- IT hiring: Tackling the cybersecurity skills shortage | The Enterprisers Project
- 1. Look for soft skills
2. Remember that work is not a physical place
3. Focus on culture fit
4. Recruit strategically and broadly
- Best Free and Open Source Alternatives to Atlassian Bamboo - LinuxLinks
- 1. Jenkins
2. Tekton
3. GoCD
- Why You Can No Longer Buy Kindle Books via Amazon's Android App
- Unattended Debian installation | LibreByte
- Using the ping command to help determine the correct MTU setting for your network
- How to check supported MTU value for destination system and/or intermediate network ? - Red Hat Customer Portal
- Highly Effective Azure Monitoring with Azure Log Analytics
- The Ins-and-Outs of PSReadline in PowerShell
- It’s Happy Sysadmin Day! @ AskWoody
- Motherboard plastic standoff removal tool - The Silicon Underground
- To make your own motherboard plastic standoff removal tool, you need a Bic ballpoint pen. Yes, in this case the brand matters. For whatever reason they use a two-piece design for the part that holds the ink. Pull out the part that writes, while leaving the second piece that indicates what color the pen is in the tube. You will find the resulting opening is the perfect size to push down onto a motherboard standoff. Depending on the design of the standoff, it will either push the standoff all the way through, or at least hold the standoff in a position that makes it easy to pull from the other side with your other hand.
I picked up this trick sometime in the early ’90s. I don’t remember if it’s something I discovered myself accidentally, or if it’s something that someone told me. But if you ever find the seemingly useless remains of a Bic pen in a toolbox with other parts useful for fixing computers, this would be why. Someone was using it to remove motherboard stand
- How To Resolve .Net Framework 3.5 Installation Error 0x80D05001 | The Automation Blog
- 7 Reasons Why Childcare Apps Are Dangerous for Your Security
- 1. No Two-Factor Authentication
2. Security Vulnerabilities Unpatched
3. A Lack of Information for Data Privacy
4. Privacy-Compromising Features
5. Cloud Security
6. A Lack of Security Policies for Parents and Admins
7. A Lack of Concern
- The History of Kali Linux [Penetration Testing] Distribution
- Amazon Prime Day 2022 – AWS for the Win! | AWS News Blog
- How We Sent an AWS Snowcone into Orbit | AWS News Blog
- VM Appliance Monitoring and Inventory Dashboard updated | VMignite.com
- Getting Performance Ready for Digital Transformation | APMdigest - Application Performance Management
- 4 Step Process to Set Up Performance Testing
Performance testing can be executed through the below-mentioned steps:
■ Plan- Performance objectives, identify tools for testing, and create the test environment.
■ Design- Define workload, prepare test scripts and data, dry operation, and fix bugs.
■ Execute- Function according to test scripts, monitor, and gather results of the test.
■ Analyze- Locate the performance bottlenecks and loopholes, quantify improvements and generate reports.
- Own a Network of Data Centers for Less than $150! - LowEndBox
- LAPSUS$ exposes security vulnerabilities at tech companies | Born's Tech and Windows World
- Chris's Wiki :: blog/solaris/ZFSIndividualVsAggregatedIOs
- Chris's Wiki :: blog/linux/ZFSOnLinuxGettingPoolIostats
- SysAdmin Day: The cloud, security and backup risks | Born's Tech and Windows World
- Sundaram Lakshmanan, CTO for SASE solutions at Lookout, has two components to look for in cloud security: risk awareness and content awareness. Enterprises, or IT leaders, need to understand a few key concepts when considering cloud platforms:
Risk awareness. You have to be aware of the risk level of your endpoints and users.
Content awareness. This is the consideration of the sensitivity level of the data someone is trying to access. Risk-based access mitigates the threats posed by users and endpoints. However, to ensure that access decisions are made efficiently, one should also look at the data itself.
Detailed actions. Understanding the data must also extend to granular policy enforcement to ensure productivity is not compromised. Zero-trust access decisions should not be based merely on binary numbers. Detailed measures such as watermarking, keyword highlighting, and restricting downloads are critical to ensure that any risk is avoided and data is protected at all times.
Proactive encryption. Data protection must also extend beyond the personal sphere of influence. One should consider proactive encryption technologies that take into account the sensitivity of the data to ensure that the most sensitive data can only be viewed by authorized users, even if it is shared offline.
- Back Up Encrypted ZFS Data without Unlocking It · mtlynch.io
- Do You Need to Buy The Fastest NVMe? - Patshead.com Blog
- I am Using Tailscale SSH and Maybe You Should Too! - Patshead.com Blog
- Is lvmcache Effective on a Desktop or Workstation? - Patshead.com Blog
- You Might Need A Macro Pad: The JC Pro Macro 2 Mechanical Keypad - Patshead.com Blog
- Zram with lz4 compression in kernel
- Jive Search is your private self-hosted search engine
- When Your Smart ID Card Reader Comes With Malware – Krebs on Security
- The very weird Hewlett Packard FreeDOS option – Interesting things
- Response is an open-source responsiveness testing tool
- How to create a Digitalocean Managed Database cluster using terraform
- Kansas MSP shuts down cloud services to fend off cyberattack
- According to an email sent to MyAppsAnywhere customers shared on Reddit, the company detected signs of a cyberattack on Tuesday morning and quickly shut down cloud services to prevent the attack's spread.
- Zinc is a next generation search engine written in Go
- Top 5 Best Open Source Passive OS Fingerprinting Tools in 2022
- 1. PRADS (Passive Real-time Asset Detection System)
2. Ettercap: Man in The Middle Network Security Tool
3. p0f: Scalable Passive OS Fingerprinter Tool
4. PacketFence: Passive OS Fingerprinting Tool
5. NetworkMiner: Web Crime Analysis Tool
Most of the fingerprinting and network monitoring tools work perfectly on both LAN and wireless connections. You can run them on the application layer on the network and can connect on the DHCP connection. They also support SSH, FTP, HTTP, and other protocols.
Monitoring some other systems or hacking the networking devices requires deep knowledge of hacking and networking. In the entire post, we have seen the 5 most used open-source passive OS fingerprinting tools.
- How To Protect Your Backpack From Slash Attacks - foXnoMad
- Canada Health-care Premiums & Upward Mobility | Tax Foundation
- PostgreSQL: PostgreSQL Anonymizer 1.0: Privacy By Design For Postgres
- Microsoft revises software licensing policy amid EU scrutiny • The Register
- The first is five European Cloud Principles being adopted by Microsoft across Europe, including:
We will ensure our public cloud meets Europe's needs and servesEurope's values.
We will ensure our cloud provides a platform for the success of European software developers.
We will partner with and support European cloud solution providers.
We will ensure our cloud offerings meet European governments' sovereign needs, in partnership with local trusted technology providers.
We will recognize that European governments are regulating technology, and we will adapt to and support these efforts.
- Venezuelan cardiologist charged with designing ransomware • The Register
- Gives a different perspective from quaddi and replicant
- Doc Searls Weblog · Remembering Craig Burton
- Auto Update Running Docker Containers With Watchtower - OSTechNix
- Cyber Safety Report Outlines Software Security Best Practices
- The report spells out 19 recommendations to help organizations deal with threats and improve overall security, including directives to:
Maintain an accurate IT asset and application inventory
Invest in capabilities to identify vulnerable systems
Have a documented vulnerability response program as well as a documented disclosure process
Improve SBOM tooling and adoptability
Train developers in secure software development
Increase investments in open source software security
Specifically, the report says, software developers and maintainers should:
Adopt standard practices and technologies to build secure software in accordance with ISO 27034:2011160 and NIST’s Secure Software Development Framework
Establish a comprehensive approach to code maintenance that encompasses consistent secure development processes, security assessments, and vulnerability management operations
Implement communication processes and mechanisms that provide consistent and relevant security messaging to users
Use integrated development environment (IDE) tools to help secure software development
Integrate source code scanning and tools
OpenSSF, which offers security training, tools, auditing services, and other community resources
Open Web Application Security Program (OWASP) Foundation, which tracks top security risks to web applications and provides resources for education, training, and community networking
Open Source Software Security Mobilization Plan, which outlines steps to help address open source software supply chain security
- 5 lessons from 'The Hero's Journey' to empower your IT team | The Enterprisers Project
- 1. Practice active listening
2. Reciprocate trust and respect
3. Provide support, guidance, and coaching
4. Encourage growth
5. Step back when needed
- What Is XDP (Express Data Path) in Linux - Make Tech Easier
- How to Install ModSecurity 3 + OWASP with Nginx on Rocky Linux 9 - LinuxCapable
- OWASP Rule Set with ModSecurity can almost instantly help protect your server.
Bad user agents
DDOS
Cross website scripting
SQL injection
Session hijacking
Other Threats
- Thunderbird By The Numbers: Our 2021 Financial Report
- 78.1% on people
1% on technology
- How to Create and Use Container Volumes within Portainer – The New Stack
- 10 Python In-Built Functions You Should Know - GeeksforGeeks
- Picroscopy Turns your Raspberry Pi into a Digital Microscopy
- Picroscopy
- Jan-Piet Mens :: An Ansible reference sheet
- Chris's Wiki :: blog/solaris/ZFSPoolIostatsPhysical
- Watch The World as it Collapses From Your Linux Desktop
- Spoofing Microsoft 365 Like It’s 1995 - Black Hills Information Security
- Phishing Engagements
There are several types of phishing engagements often used for testing enterprises. Some types are:
Click-rate tracking
Who clicked?
How many times?
Credential harvesting
Passwords
Cookie theft
Payload (attached or linked)
Malicious Office Document (MalDoc)
Executables
Compressed files
Many organizations have automated phishing training. Often, these programs require users to click a link in an email which tracks their “bad” behavior. These training scenarios are great to introduce users to the potential hazards of phishing attacks, however, they may miss the mark when modeling more advanced adversaries.
- Tenet Health cyberattack, monthlong outage led to $100M in 'unfavorable impact'
- While the outage was only felt by some of its hospitals and for less than a month, the $100 million impact aligns with the financial impacts reported by U.S. providers with similar outages.
For context, the more than three-month outage experienced by the entirety of the Ireland Health Service Executive last summer caused $600 million in lost revenue and recovery costs. And the Ireland HSE is the country’s primary caregiver.
On the other hand, the May 2021 cyberattack and monthlong outage at Scripps Health, with just five hospitals and 19 outpatient facilities, cost the California provider $112.7 million in lost revenue and remediation. The health system was “significantly impacted by lost revenue and incremental expense.” Scripps reported a similar insurance recovery to Tenet of $5.9 million.
Vermont Health Network’s outage lasted more than a month, led to the deployment of the National Guard and cost more than $63 million, while the Universal Health Services attack with the same outage-period cost $67 million. On average, these attacks cost about $1.5 million for each day of network downtime.
Tenet may not be out of the woods yet, either, as its affiliate Baptist Health System was hacked, which led to the theft of data tied to 1.2 million patients. Tenet is currently defending itself against the breach lawsuit.
- Meta calls for the death of the leap second | Engadget
- Climate change has Seville so hot it's started naming heat waves like hurricanes | Engadget
- Impacket Defense Basics With an Azure Lab - Black Hills Information Security
- How to Become an Azure Administrator in 2022 | ServerWatch
- Koodo is an All-in-one Open Source eBook Reader for Linux
- A Review of the Anki Application
- Protect Your Parent from Elder Financial Abuse with A Power of Attorney - FindLaw
- Open-Source Security: How Digital Infrastructure Is Built on a House of Cards - Lawfare
- How To Enable Versioning on the S3 Bucket Using Terraform
- Virtio-net failover: An introduction
- Why sudo is so important in Linux and how to use it | ZDNet
- Hijacking webcams with Screencastify | Almost Secure
- Obviously, there is Screencastify itself, running app.screencastify.com and a bunch of related subdomains. So the company itself or a rogue employee could plant malicious code here. But that’s not the end of it. The entities controlling subdomains of screencastify.com (not counting hosting companies) are at the very least:
Webflow, running www.screencastify.com
Teachable, running course.screencastify.com
Atlassian, running status.screencastify.com
Netlify, running quote.screencastify.com
Marketo, running go.screencastify.com
ZenDesk, running learn.screencastify.com
That’s quite a few companies users are expected to trust.
- Slurm Terraform | openSUSE for HPC
- Secure your website with SSL sha2 certificate - LinuxTechLab
- Can you trust a cloud provider for HA? - (Fabio Alessandro Locati|Fale)'s blog
- Contextual Logging in Kubernetes 1.24 | Kubernetes
- How to Change MAC Address in Linux - TREND OCEANS
- macchanger
- Upgrading probably the world's oldest running Linux install • The Register
- Diziet
- Managed cloud services: 4 things IT leaders should know | The Enterprisers Project
- 1. Managed cloud services vary quite a bit
2. A managed cloud services strategy must reflect your enterprise realities
3. Yes, you still need in-house skills
4. Managed cloud services and hybrid cloud pair well
- Jarvis is your open-source personal assistant
- Improve network performance with this open source framework | Opensource.com
- IT leadership: 5 essential soft skills | The Enterprisers Project
- 1. Communicate value through active listening
2. Customize communication: What do your employees prefer?
3. Make the workplace more human
4. Roll with the punches
5. Step up and empower employees
- Your cloud? My cloud now | Pen Test Partners
- A decade of dotfiles
- Digital transformation: 5 reality checks before you take the plunge | The Enterprisers Project
- 1. Define the context: Ask what is unique to your organization
2. Look outside-in: Holistically define your transformation goals
3. Assess the “to-be” organization fabric and technological architecture: Establish a roadmap to get there
4. Explore opportunities to become a platform company: Establish and implement platforms
5. Think big. Start small. Build and expand as you go. Be agile
- How the Kaizen mindset fosters smart contrarians on your IT team | The Enterprisers Project
- 1. Reactive Kaizen
2. Proactive Kaizen
3. Innovative Kaizen
"By infusing “there may be a better way” into corporate culture, IT leaders can inspire associates to challenge the status quo. The result is an IT organization that is proactive about making positive changes without fear of rubbing anyone the wrong way."
"A key to success is ensuring that all employees have access to a standardized set of Kaizen processes, templates, tools, and metrics to simplify the process of implementing reactive, proactive, and innovative Kaizen models. It’s also important to track and measure the effect these discoveries have on overall effectiveness, reward associates for their findings, and recognize smart contrarians every quarter."
- 3 practical tips for agile transformation | Opensource.com
- 3 tips for achieving team agile
1. Workshop it
2. Make it incremental
3. Address benefit redistribution
- Security and Human Behaviour 2022
- How To Use Tags In Ansible Playbooks - OSTechNix
- Returning to Hacker Summer Camp · System Overlord
- Detectree: Open-source tool simplifies data analysis for blue teams, reduces alert fatigue - Help Net Security
- Disable Windows Defender in powershell - a script to finally get rid of itBidouilleSecurity
- Running the Steam Deck’s OS in a virtual machine using QEMU | The world won't listen
- Install OpenLiteSpeed with PHP 8 on Rocky Linux 8 / AlmaLinux 8
- Containers vulnerability risk assessment
- his question, "Does it matter?", has two parts:
How soon does it need to be fixed (a question for the software vendor)?
How soon does it need to be applied (a question for the end user)?
- Community metrics – Sri Ramkrishna
- Kubernetes Operators: good security practices
- Chris's Wiki :: blog/tech/PublicCryptoAlgorithmsMathWhy
- Cybersecurity, the ECPA, Carpenter, and Government Transparency - Lawfare
- A cautionary tale about locking Linux & FreeBSD user accounts - nixCraft
- A locked or unlocked user account doesn’t matter on the remote machine if a session is already established on the OpenSSH server. It will directly connect using the ssh. Here is how to find out i
- How To Set Up ModSecurity with Apache on Ubuntu 22.04 LTS - idroot
- Ukraine's secret cyber-defense: Excellent backups • The Register
- "The Russians are horrible at combined arms," Alperovitch said, noting this holds true for air and ground military invasion.
"And that's what we've seen in cyber as well," he added. "Even though they've been able to achieve tactical successes on a number of occasions, including in the case of Viasat, they've not been able to leverage it to actually prosecute a campaign. The best tactics, even in cyber, don't compensate for a really, really bad plan."
- Windows Follina zero-day exploited to infect PCs with Qbot • The Register
- Yet More New HTTP Specs
- What Is Oracle Linux? The Powerful, Free RHEL Alternative Explained
- Chips Bill: Semiconductor Computer Chip Subsidies? | Tax Foundation
- ChinaTalk: Elite Power Struggles in the CCP and USSR - Lawfare
- Google fires researcher who claimed LaMDA AI was sentient | Engadget
- Margaret Mitchell, who was fired from Google after calling out the lack of diversity within the organization, wrote on Twitter that systems like LaMDA don't develop intent, they instead are "modeling how people express communicative intent in the form of text strings." Less tactfully, Gary Marcus referred to Lemoine's assertions as "nonsense on stilts."
- Ransomware is indiscriminatory – prepare for everything to fail, CIO News, ET CIO
- Follow the 3-2-1-1-0 backup rule, which states there should always be at least three copies of data, on at least two different types of media, at least one off-site and one immutable or offline, with zero unverified backups or errors.
- Cockpit 273 — Cockpit Project
- IT talent: How upskilling can help boost digital transformation | The Enterprisers Project
- 3 automation trends happening right now | The Enterprisers Project
- 1. Edge computing scale depends on automation
2. Security automation, meet automation security
3. IT automation as a career booster – not a career killer
- Is It Possible to Reconcile Encryption and Child Safety? - Lawfare
- massCode: A Free and Open-Source Code Snippet Manager - It's FOSS
- Proxmox VE - How to build an Ubuntu 22.04 Template (Updated Method) - Invidious
- Getting started with automating and managing SSH server configuration with RHEL system roles
- Pay the ransom and hope for the best... - rhyshammond.com
- Confusion on containers - SysAdmin1138 Explains
- Using Windows Update Delivery Optimization in Local Networks | Windows OS Hub
- Create and Deploy Virtual Machines with vTPM on VMware vSphere ESXi - The Tech Journal
- The History of Countering Violent Extremism Tends to Repeat. It Shouldn’t. - Lawfare
- Statistical Analysis Software on Ubuntu (Free and Open Source SPSS Alternatives)
- 1. LibreOffice Calc
2. GNU PSPP
3. GNU R and RStudio
4. JASP
5. jamovi
- 12 Commands to Check Linux System & Hardware Information
- 5 Harvard Business Review articles CIOs should read this month | The Enterprisers Project
- IT talent: 5 ways to better leverage remote teams | The Enterprisers Project
- 1. Create scrum and dev channels
2. Host daily standups
3. Use time zones to your advantage
4. Trust your teammates
5. Hours don't matter, results do
- Chris's Wiki :: blog/programming/UnixLogTimestampsInThings
- Log4J: SMEs not aware of, DHS see problems for a decade | Born's Tech and Windows World
- Cybersecurity, ISA99, and 62443 | The Automation Blog
- Remove Unicode and extended ASCII in Notepad++ - The Silicon Underground
- Let's Encrypt for VMware ESXi standalone hosts - ESX Virtualization
- Shoreline.io Announces Open Source Solutions Library | APMdigest - Application Performance Management
- Become a Certified Datacenter Associate Online...for FREE! - LowEndBox
- Chris's Wiki :: blog/sysadmin/IMAPIOTrafficImbalance
- CalDavZAP: A Self-hosted Open-source CalDAV Server
- CalDavZAP
- How to Extract Text From PDFs and Images on Linux Using gImageReader
- gImageReader
- Ansible Server Provisioning - Unix / Linux the admins Tutorials
- Scanning for security.txt files | Pen Test Partners
- Understanding Memory Leaks in Java | Developer.com
- One of the best ways to prevent memory leaks in Java is to use a tool like JProfiler, which can help you identify places where your code is allocating memory but not releasing it properly. JProfiler can also help you identify other potential causes of memory leaks, such as holding on to references to objects that are no longer needed.
Once you have identified potential sources of memory leaks, you can then modify your code to make sure that resources are properly released when they’re no longer needed. This can help reduce the overall memory footprint of your application and improve its overall performance.
- Retbleed: Arbitrary Speculative Code Execution with Return Instructions - Computer Security Group
- Privilege: The Before and After of a Breach | Advanced Persistent Security
- Cultivating Europe’s Data Garden - Lawfare
- Tropy: An Open-Source App to Organize Your Research Photos - It's FOSS
- The Hidden Cost of Fixing Your Kubernetes Clusters - Container Journal
- Misconfigurations Matter
Kubernetes Nodes
Rightsizing Works
- RHEL 9 networking: Say goodbye to ifcfg-files, and hello to keyfiles
- Digital transformation: 3 things successful CIOs know | The Enterprisers Project
- 1. Spend time on strategy and always point it to your business
2. Measure twice, cut once, and iterate
3. Business first, then tech
- Open Source Software FAQ
- The Resiliency in the Web’s Layers - Jim Nielsen’s Blog
- 9 CIOs share the tips that shaped their leadership style | The Enterprisers Project
- Be humble.
Lead by example.
Write a list of everything you see in other leaders and emulate the positives and avoid the negatives. This list should always be growing
Revisit that list (#3) at least every 6 months to make sure that you are following it and potentially even recognizing that some things may have changed.
Always be certain that your team’s benefits outweigh their costs and be able to deliver that message on a moment’s notice.
Character matters
Ethics are essential
- The US military wants to understand the most important software on Earth | MIT Technology Review
- Modernization: Why is it hard?
- Alignment is necessary but hard
Gatekeeping silos
Busywork and excess middle management
"Rockstars" don’t always save the day
Attrition leading to lost knowledge
Cost-cutting culture
Unclear standards and policies
Crowded marketplace
- 4 reasons to invest in leadership training for everyone | The Enterprisers Project
- 1. Leadership isn't born, it's nurtured
2. Leadership training induces loyalty
3. Leadership training can align your employees with your brand promise
4. Leadership training can demonstrate equity and inclusion
- CP/M's open-source status clarified after 21 years • The Register
- GUEST BLOG: My CISSP Success Story | Advanced Persistent Security
- UNK
- How to Record and Replay Linux Terminal Sessions
- The First Cyber Safety Review Board Report is Out - Lawfare
-
- Reworking our Visual Metrics Processing System – Mozilla Performance
- 5 Tricky Container Security Challenges - Container Journal
- Container abstraction makes visibility a challenge
Kubernetes itself is an attack surface
Developers must play an increasingly crucial security role
Security automation is the number-one DevOps challenge
Container and Kubernetes security require a new security model
Developers, DevOps and security teams must shift left and lead security automation together
- How to Install FreetuxTV on Ubuntu 20.04 | 22.04 LTS -
- What to Make of Microsoft’s Year in Cybersecurity - Lawfare
- Stratum 1 Grandmaster Time Server On A Budget | Hackaday
- The Story of CP/M
- yt-dlp - fork of youtube-dl - LinuxLinks
- An Incredibly Amazing Co-Incidence Of Doubled, Double Disk Failures! - LowEndBox
- Apparently a software bug caused all four SSDs to self-destruct at approximately 40,000 hours of operation.
It seems obvious that redundant equipment would provide additional safety. It formerly seemed much less obvious, at least to me, that two similarly manufactured items might fail simultaneously. I always imagined there was a very high degree of security added by a second set of equipment.
- Chris's Wiki :: blog/spam/DKIMSignatureTypes-2022-07
- GitHub - paradux/paradux: Paradux: recover from maximum data disaster
- I’ve locked myself out of my digital life – Terence Eden’s Blog
- Linked: Succession planning isn't only about executives
- shot-scraper
- Integrating Security and Compliance Teams to Curb Modern Risks | APMdigest - Application Performance Management
- Patch Standalone VMware ESXi 7 to 7u3e latest version - ESX Virtualization
- How To Create VMware ESXi ISO With Latest Patches - ESX Virtualization
- Bash Scripting - If, Else If, Else Tutorial - buildVirtual
- Vulnerability Management news and publications #1 | Alexander V. Leonov
- Both Google and Mandiant tracked a record number of zero-days last year. More zero-days are being discovered because security companies are getting better at finding them — not necessarily because hackers are coming up with new vulnerabilities. Not all zero-days are created equal. Some require sophisticated and novel techniques, like the attack on SolarWinds, and others exploit simple vulnerabilities in commonly used programs like Windows. Thankfully, there’s some basic cyber hygiene strategies that can keep your organization sufficiently prepared to mitigate zero-day exploits.
Ensure that the technology your organization has is sufficient for protecting from the unknown. Many zero-days may never hit a hard drive, so pointing threat detection tools there could be fruitless.
Patching is integral to protection against exploits. Staying on top of guidance from industry organizations like International Information System Security Certification Consortium (ISC)2 or federal authorities like the Cybersecurity and Infrastructure Security Agency is a good way to prioritize the exploit.
Zero-day exploits are those that the vendor doesn’t know exist, and therefore no patch is available. In some cases, protection technologies can use behavioral detections to block certain activities, while in other cases, using detection technologies or human expertise in a security operations center is the only defense. Investing in the human element of security will place an organization in the best position to limit the financial and data losses zero-days can incur.
While patching is proper preparation, the investment in trained security professionals, in-house or outsourced, is the best defense against zero-days.
- Cloud Vulnerabilities & Security Issues Database
- When Should You Start Estate Planning? - FindLaw
- How To Talk to Your Loved Ones About Estate Planning - FindLaw
- family
- Cyber Command’s Annual Legal Conference - Lawfare
- Lt. Gen. Charles Moore, who serves as Nakasone’s deputy, explained that combining information operations with cyber measures could give the U.S. a strategic advantage against adversaries in the future. “Without a doubt, what we have learned is that cyber-effects operations in conjunction—in more of a combined arms approach—with what we call traditionally information operations, is an extremely powerful tool.” He said that the U.S. should adopt “a strategy that’s focused on affecting adversaries’ perceptions.”
- How Can One Know When To Trust Hardware and Software? - Lawfare
- Add-MpPreference (Defender) | Microsoft Docs
- Add-MpPreference -ExclusionPath "C:\Temp"
- New Podcast: "Life During Cyberwartime" | DennisKennedy.Blog
- Not Receiving SMS Text Message 2FA Codes? Call Your Carrier - TidBITS
- All’s well that ends well, but the moral of the story is that if you aren’t receiving SMS text messages, particularly those that carry 2FA codes, call your cellular carrier and ask if they’re being blocked.
- Defense: Windows task scheduling as an attack vector | Born's Tech and Windows World
- Monkeypox outbreak was avoidable and we ignored the warning signs, expert says : NPR
- "If we do want to get in front of emerging infectious diseases, we are going to have to prioritize dealing with emerging global disease threats at the site where they are spreading early on," Rimoin said. "We are totally interconnected by trade and travel, population growth, population movement, and we cannot make the mistake again of thinking that an infection that's happening somewhere in a remote area of the world isn't going to affect us right at home."
- The Cyberlaw Podcast: “The First Thing We Do, Let’s Hack All the Lawyers” - Lawfare
- Oh Canada: A Canadian Risk Assessment of the United States - Lawfare
- The Lawfare Podcast: Aaron Friedberg on "Getting China Wrong" - Lawfare
- Infiltrate, Exploit, Manipulate: Why the Subversive Nature of Cyber Conflict Explains Both Its Strategic Promise and Its Limitations - Lawfare
- How to Work with Ansible When and Other Conditionals
- Drag soldering through-hole pins – LinuxJedi's /dev/null
- Kali Linux in Linode's Cloud | Kali Linux Blog
- How to Install Ansible on RHEL 9 (Step by Step)
- LC Channel Scan For USB TV Tuner ... Simplified
- Brick by brick: why Docusaurus is a powerful documentation framework - DEV Community
- 7 CNCF Projects For Building Cloud-Native Networks - Container Journal
- Antrea - Kubernetes networking based on Open vSwitch
Cilium - eBPF-based networking, security, and observability
Container Network Interface (CNI) - Interface specification for container networking
CNI-Genie - A tool that allows multiple CNI plugins to co-exist at runtime
Kube-OVN - A Kubernetes network fabric for enterprises
Network Service Mesh (NSM) - A hybrid multi-cloud IP service mesh
Submariner - Direct, multi-cluster networking for hybrid and multi-cloud
- How to Create a JAR File
- What Is the US Cyber Command?
- Purple Knight - Evaluate the security of your Active Directory
- ping-castle
- Raspberry Pi Imager 1.7 Released with New Advanced Settings, Zstd Support, and More - 9to5Linux
- Cloud OSINT. Finding Interesting Resources | Pen Test Partners
- How to Create and Use MacVLAN Network in Docker
- 7 books that CIOs should read this summer | The Enterprisers Project
- 1. The Work of the Future
Building Better Jobs in an Age of Intelligent Machines
by Elisabeth B. Reynolds, David A. Mindell, and David Autor
2. Net Positive: How Courageous Companies Thrive by Giving More Than They Take
by Paul Polman and Andrew Winston
3. Radically Human: How New Technology Is Transforming Business and Shaping Our Future
by Paul Daugherty and H. James Wilson
4. Digital Trailblazer: Essential Lessons to Jumpstart Transformation and Accelerate your Technology Leadership
By Isaac Sacolick
5. Stuck: How to Win at Work by Understanding Loss
By Dr. Victoria M. Grady and Patrick McCreesh, PhD
6. The Future of Workplace Fear – How Human Reflex Stands in the Way of Digital Transformation
By Steve Prentice
7. Leading with Heart: Five Conversations That Unlock Creativity, Passion and Purpose
By John Baird and Edward Sullivan
- COVID-19 Is Making Young Adults Think About Estate Planning - FindLaw
- How to Capture Network Traffic in Linux With tcpdump
- How to Use Restic to Backup and Restore Data in Linux - ByteXD
- My 2022 Higher Education Finance Reading List – Robert Kelchen
- What Is a Transistor and What Is It Used For?
- Kubernetes API Server SLO Alerts: The Definitive Guide – Povilas Versockas
- How to Create an ISO Image From a Folder Using the Windows Command Prompt
- OSCDIMG -n -d -m PathToSource Destinationfile.ISO
- NIST Announces First Four Quantum-Resistant Cryptographic Algorithms | NIST
- 30+ Free and Open Source Kubernetes Monitoring Tools
- Command and Shell Module in Ansible: Differences and practical usage
- How to find UUID of Disk Storage with the simple command - TREND OCEANS
- Linux Security Auditing with Lynis
- Extracting Metadata from PcapNG files
- How Cobalt Strike Became a Favorite Tool of Hackers | eSecurityPlanet
- What’s the Cost for Not Having a CISO on Staff? $600 Million? | Alexander's Blog
- Creating a Shortcut for Windows Update in Windows Server 2019 | Alexander's Blog
- Vulners Linux Audit API: Security Bulletin Publication Dates in Results | Alexander V. Leonov
- Identify Bird Sounds With BirdNET-Pi on Raspberry Pi
- How to Check and Install Security Updates on RHEL 6/7/8 - ByteXD
- Latest MITRE Endpoint Security Results Show Some Familiar Names on Top | eSecurityPlanet
- Chainguard: It’s All About That Base Image – The New Stack
- A Millennial Contemplates the Digital Life - Wahl Network
- Chris's Wiki :: blog/sysadmin/ReproducibleMachinesWhy
- Security for Kubernetes: Pitfalls and Solutions | Born's Tech and Windows World
- Automate Tasks With Terraform Docker Integration
- SQL Server on Linux: Scatter/Gather == Vectored I/O - Microsoft Tech Community
- Five Great Reads on Cyber, Data, and Legal Discovery for June 2022
- Kitchen Soap – Book Suggestion: “Dialogue: The Art Of Thinking Together”
- Kitchen Soap – Architectural Folk Models
- Kitchen Soap – Some Principles of Human-Centered Computing
- Kitchen Soap – An Open Letter To Monitoring/Metrics/Alerting Companies
- Bluejacking vs. Bluebugging vs. Bluesnarfing: What's the Difference?
- The History of Ubuntu Linux Distribution System
- Common Security Advisory Framework (CSAF) beta files now available
- SAS2008 LBA, Seagate Ironwolfs and scary log messages « Ville-Pekka Vainio's blog
- Unaligned partial completion ...
tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE ...
print_req_error: critical medium error ...
- How to manage SSH keys on Cockpit for remote SSH key authentication | TechRepublic
- SBOM - SB Doesn’t Stand for Silver Bullet - Linux Foundation
- Rapid7 InsightIDR Testing & Review
- TIC Guidance | CISA
- How to Install Latest Linux Kernel in RHEL 8
- SELinux is unmanageable; just turn it off if it gets in your way
- Verizon 2022 DBIR: External attacks and ransomware reign - Help Net Security
- For this latest edition, the company’s analysts have examined 23,896 security incidents (5,212 of which were confirmed breaches) between November 1, 2020 and October 31, 2021, and found that:
External actors are 4 times more likely to cause breaches in an organization than internal ones
Roughly 4 in 5 breaches can be attributed to organized crime
“Financial gain” is the number one motive for the overwhelming majority of data breaches, “espionage” is in the second spot
Over half of breaches involved the use of either remote access or web applications
62% of system intrusion incidents came through an organization’s partner (mostly due to single supply chain breaches)
82% of analyzed breaches over the past year involved a human element (human error, misuse of privilege, social engineering attacks, etc.)
The vast majority of breaches include only a handful of steps, whith three actions being most common (Phishing, Downloader, and Ransomware)
- Ansible Ad Hoc Commands - OSTechNix
- FFmpeg Commands: 31 Must-Haves for Beginners in 2022 - VideoProc
- 1. FFmpeg Get Video Info
2. Preview or Test Video or Audio Files
3. FFmpeg MOV to MP4 (Convert Video/Audio to Another Format)
4. FFmpeg Extract Audio (Convert Video to Audio)
5. FFmpeg Remove Audio
6. Convert a Specific Portion of a Video
7. FFmpeg Trim Video
8. Cropping Videos
9. FFmpeg Resize Video
10. FFmpeg Combine Audio and Video
11. FFmpeg Concatenate Videos
12. FFmpeg Rotate Video
13. FFmpeg Speed Up Video
14. FFmpeg Compress Video
15. Zoom In and Zoom Out Videos
16. FFmpeg Loop
17. Set Frames Per Second (FPS)
18. Set Group of Pictures (GOP)
19. Copy Metadata
20. Add Subtitle to Video
21. Keep Original Encoding
22. Create Animated GIF
23. FFmpeg Resize Image
24. FFmpeg Images to Video
25. Convert a Single Image Into a Video
26. FFmpeg Extract Frames
27. Change the Volume of Audio Files
28. Compressing Audio Files
29. Increase/Decrease Audio Playback Speed
30. Add an Image to Audio
31. Getting Help
- Potential threats to uninterruptible power supply (UPS) devices - Help Net Security
- 5 Keys to Optimizing Application Container Testing | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More
- 1. Start with a baseline scan using a third-party tool or service.
2. Automate container scanning.
3. Actually manage the test resources.
4. Decide where to run application container tests.
5. Get the most out of application containers.
- KDDI says 70% of services restored after wide network troubles - Japan Today
- Software Over Time - Jim Nielsen’s Blog
- Cloud consultants: 4 questions to ask about your strategy | The Enterprisers Project
- 1. What can we do with this consultant that we couldn't do without?
2. No, really: What are they going to work on?
3. How do we know when to use a consultant?
4. How will we measure results?
- CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF
- Lorien: Infinite canvas drawing/whiteboarding tool for Linux - TREND OCEANS
- How to Create a Data Backup and Recovery Strategy for Linux
- A solid backup plan will allow you to:
Quickly recover your core data for business continuity
Secure your business, because data is one of the most valuable assets to any business
Save money on expensive recovery solutions or professionals in case of data loss
- Security features in Red Hat Enterprise Linux 9
- In RHEL 9, the system-wide cryptographic policies have been adjusted to provide up-to-date security defaults:
Disabled TLS 1.0, TLS 1.1, DTLS 1.0, RC4, CAMELLIA, DSA, 3DES, and FFDHE-1024 in all policies.
Increased minimum RSA key size and minimum Diffie-Hellman parameter size in LEGACY.
With the exception of Hash-based Message Authentication Codes (HMACs), SHA-1 is disabled in TLS and SSH algorithms.
- Weave Cybersecurity into your product design | Ubuntu
- Cybersecurity doesn’t directly contribute to revenue.
Cybersecurity can potentially delay time to market.
Designers and managers typically underestimate how severe the consequences of cybersecurity vulnerabilities can be.
- The road to JBoss EAP 8 | Red Hat Developer
- Irving Wladawsky-Berger: How to Build Organizational Resilience to Cyberattacks
- Obsolescence of ATO Pathways
- Zero Trust Security Is Here To Stay For Decades - LinuxTechLab
- Codenotary introduces Software Bill of Materials service for Kubernetes | ZDNet
- Debian and The History of Debian Linux Distribution
- Why organizations need site reliability engineers | Opensource.com
- By resembling production as much as possible, the pre-production environment improves confidence in releases.
- Scanning container image vulnerabilities with Clair
- Cortex XSOAR Tips & Tricks – Creating indicator relationships in automations – NVISO Labs
- How to approach sustainability in IT operations
- Using fwupdmgr to update NVME firmware – nullr0ute's blog
- What tools can be used for stress test in JBoss EAP? - Red Hat Customer Portal
- Gatling - Professional Load Testing Tool
- Faban - Helping measure performance
- Apache JMeter - Apache JMeter™
- The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact | Securelist
- eXaDrums is an open source, low-latency electronic drum system | Arduino Blog
- dnf-automatic: Enable Automatic Updates for RHEL-based distributions - TREND OCEANS
- The Cybersecurity Skills Gap is Another Instance of Late-stage Capitalism - Daniel Miessler
- 3 ways CIOs should approach IT team accountability | The Enterprisers Project
- 1. Expect the unexpected
2. Check in regularly
3. Aim for alignment
- 9 hiring trends for the most in-demand IT jobs of 2022 | The Enterprisers Project
- 1. IT Operations professionals are in demand
2. DevOps Engineer is still the top title being hired
3. There are barriers to skill development
4. Only 50 percent of enterprise IT organizations have a formal upskilling program
5. Skill development is on the rise
6. The application of new skills learned is mediocre
7. Certifications are very valuable
8. Happiness is relative
9. Technical skills are more in demand than human skills for today’s hiring managers
- Notes on running containers with bubblewrap
- Guide to Web Application Penetration Testing
- A penetration test is an effective way to identify unknown vulnerabilities.
The test helps validate the effectiveness of the overall security measures implemented.
The Penetration Test is essential to augment the web application firewall from the web application security perspective.
Penetration tests help businesses identify and prioritize resources to mitigate the risk.
The test helps users discover the most vulnerable route for attack and its possible impact.
The test helps you find security flaws and loopholes that can result in a breach and/or theft of sensitive data.
- Digital transformation: 5 steps to boost your progress | The Enterprisers Project
- Step 1: Evaluate where you are
Step 2: Appoint a CDO–if only for the time being
Step 3: Understand what data you have available, and how to leverage it
Step 4: Focus on your people
Step 5: Know when you’re done
- Introducing A New Performance Comparison Tool – PerfCompare – Mozilla Performance
- Translators and free software, a practical introduction to OmegaT — GNU MediaGoblin
- OmegaT
- Norway hit with cyberattack, temporarily suspending service | The Hill
- Nessus false positives - The Silicon Underground
- What Is Desoldering Wick and When Should You Use It?
- When routine medical tests trigger a cascade of unnecessary care : Shots - Health News : NPR
- Is HIPAA Privacy a Federal Law?
- How to read a Nessus scan report - The Silicon Underground
- SMBs are still making the same silly cybersecurity mistakes | TechRadar
- Why cybersecurity is also a human issue, not just a technology one - TechNative
- How to avoid costly medical bills and get out of medical debt : Shots - Health News : NPR
- Composable tools for disk images | Richard WM Jones
- The End-to-End Zero Trust Journey: How Did We Get Here? - VMware Security Blog - VMware
- Updating A Free Udemy Bootstrap Course On Oracle Cloud Free Tier - LowEndBox
- Windows Server 2022 Automated Active Directory Install
- Using Free Dynamic DNS with afraid.org - LowEndBox
- A New, Remarkably Sophisticated Malware Is Attacking Routers | WIRED
- 52 Things I Learned in 2021
- Defending Ukraine: Early Lessons from the Cyber War - Microsoft On the Issues
- Hitting the Books: Why lawyers will be essential to tomorrow's orbital economy | Engadget
- Thai Coconut Rice Pudding with Jasmine Rice, a South Asian Dessert | Penniless Parenting
- GitHub - dwmkerr/hacker-laws: 💻📖 Laws, Theories, Principles and Patterns that developers will find useful. #hackerlaws
-
Hofstadter’s Law: It always takes longer than you expect, even when you take into account Hofstadter’s Law.
Amara’s Law: We tend to overestimate the effect of a technology in the short run and underestimate in the long run
Putt’s Law: Technology is dominated by two types of people, those who understand what they do not manage and those who manage what they do not understand.
- Eponymous Laws Part I: Laws of the Internet
- How To Install DBeaver CE On Ubuntu / AlmaLinux & Fedora | Tips On UNIX
- How to Install and Use Apache Guacamole Remote Desktop on Rocky Linux 8
- Ansible Lab Setup With Vagrant And Virtualbox In Linux - OSTechNix
- How to Install Apache Tomcat 10 on Ubuntu 20.04
- Wazuh Vulnerability detection - Unix / Linux the admins Tutorials
- Another Critical Active Directory Certificate Services NTLM Relay Vulnerability allows for Domain Takeover (DFSCoerce, Critical) - The things that are better left unspoken
- DFSCoerce
- Stop Pretending Your Company is Remote
- Add ESXi Host to Cluster with Terraform - vGemba.net
- Enhance Your IT Scripting with the Prettier VSCode Plugin
- A Great Digital Employee Experience Keeps Employees
- As an employee, my priorities have changed; I prefer flexibility and time management without compromising personal and family aspirations. Organizations are monitoring these newfound preferences of employees closely. They are fine-tuning policies about how employees leverage tools to set up digital employee-friendly practices in order to retain, promote talent, and remain competitive in the industry.
- Robert Stephens, Founder of The Geek Squad – Cool Tools
- Organizing Cables and Other Gear Using Hanging Storage Bags – Cool Tools
- The Time Hack Everyone Should Know | The MIT Press Reader
- GitHub - PaulJenkin/PS4RaspberryPi: PiZero to host a server and emulate USB loading when necessary
- How to use loops in Terraform
- 20 Useful Security Features and Tools for Linux Admins
- Linux History Command with Advance Examples - TREND OCEANS
- Bolt-On vs Baked-In Cybersecurity - Lawfare
- The programmer, like the poet, works only slightly removed from pure thought-stuff. He builds castles in the air, creating by the exertion of the imagination .... Yet the program construct, unlike the poet’s words, is real in the sense that it moves and works, producing visible outputs separate from the construct itself .... The magic of myth and legend has come true in our time. One types the correct incantation on a keyboard, and a display screen comes to life, showing things that never were nor could be.
- (125) Monica Setup on Portainer | A Personal Relationship Manager - YouTube
- PCI Express 7 will be eight times faster than PCI Express 5 | Engadget
- AWS IoT ExpressLink Now Generally Available – Quickly Develop Devices That Connect Securely to AWS Cloud | AWS News Blog
- Starting Your Leadership Journey - Wahl Network
- Chris's Wiki :: blog/tech/HDDsNowSomewhatBetter
- It's not wget or curl, it's iwr in Windows - krypted
- iwr -uri https://pathtothefile/myfile.txt -OutFile ./myfile.txt -UseBasicParsing -UseDefaultCredentials
- Directing different ports to different containers with Traefik · The Odd Bit
- Traefik
- Linked: Bad news: The cybersecurity skills crisis is about to get even worse
- Low Cost Shielding Idea for Plastic RTL-SDRs
- Kitchen Soap – Multiple Perspectives On Technical Problems and Solutions
- Dark hours – postincident recovery without procedures and documentation | CQURE Academy
- CISO MindMap 2022 - RecommendationsRafeeq Rehman | Cyber | Automation | Digital
- Powershell Log Archival Script - byronpate.com
- Coveware's testimony to the HSGAC on Mandatory Reporting Laws
- Top 11 Ransomware Prevention Best Practices | ServerWatch
- Offline backups are isolated from the internet and cyberattacks, including ransomware.
Spam filters can prevent the vast majority of email-based ransomware attacks before they even happen by blocking emails that potentially contain ransomware.
Microsegmentation isolates data in different parts of a network, which helps to prevent the spread of ransomware to all data.
Sandbox testing should be used when introducing new files to a network. It prevents files from accessing the network, meaning possible ransomware won’t be able to cause damage.
Ad blocking is a simple measure that can be taken to help prevent ransomware, as many threats are distributed through malicious ads.
Review port settings for ports 3389 and 445, which are popular targets for ransomware threats. If your business does not need these ports open, then consider closing them. If they do need to be open, then access should be limited to only trusted hosts.
Training your team on the importance of ransomware prevention is especially crucial when it comes to recognizing, avoiding, and reporting suspicious email threats.
Put an intrusion detection system (IDS) in place to look out for threats by scouring network logs for signatures of malicious activity.
Remove unnecessary systems, hardware, software, and services that expose your business to unnecessary risks and attacks by being attached to the network.
Have a layered security approach in place with measures such as antivirus software, firewalls, and multi-factor authentication.
Encrypt important data so that, in the event your company does get breached, it won’t be able to be exfiltrated.
- 8 System Administration Tasks to Automate | ServerWatch
- 1. Patching
2. Password Resets
3. Freeing Up Server Disk Space
4. Disk Usage Scans
5. Restarting Services
6. Reboots
7. Malware Scans
8. Remote Shutdowns
- Someone made a tombstone to mark Internet Explorer’s end-of-support date | Engadget
- OpenSSF Protects Open Source Security as Cold War Turns Hot- FOSS Force
- Linux command line presentation - Linux Tutorials - Learn Linux Configuration
- Ansible Playbooks - OSTechNix
- GitHub - showmewebcam/showmewebcam: Raspberry Pi + High Quality Camera = High-quality USB Webcam!
- Report reveals half of Japan's businesses had yet to ditch Internet Explorer | Engadget
- Backup Kubernetes Cluster Resources to AWS S3 with Velero | Lisenet.com :: Linux | Security | Networking
- My CS50P Final Project Presentation – Bruce Elgort
- How to customize crypto policies in RHEL 8.2
- Chapter 4. Using system-wide cryptographic policies Red Hat Enterprise Linux 8 | Red Hat Customer Portal
- 3-Ingredient Double Chocolate Mousse (Low Carb) + VIDEO - Cafe Delites
- How to Back Up and Restore Wireless Network Profiles Using Command Prompt on Windows
- To export all the available profiles, enter the following command: netsh wlan export profile key=clear folder=[folder path]. Where you see [folder path], enter the path to the folder on your computer where you want the profiles saved, without the square brackets.
- OpenValue | Blog | Observability 4 JVM Frameworks with Grafana in Java and Kotlin
- Terraform Best Practices for Better Infrastructure Management | by Ioannis Moustakis | Spacelift | May, 2022 | Medium
- 5 RAM Myths and Misconceptions That Really Aren't True
- 1. "You Can't Mix RAM Sizes," or "You Can't Mix RAM Brands"
2. "I Don't Need More RAM," or "My System Has Enough RAM"
3. "RAM Size Is All That Matters"
4. "Clear Your RAM to Boost Its Speed"
5. "You Must Use an Equal Number of RAM Sticks"
6. "You Cannot Upgrade the RAM on a Laptop"
You can do a lot with RAM: mismatched sticks, different speeds, different sizes, and so on. For the most part, you'll just end up with a slower computer. Still, it is always best to match your RAM sticks. That way, you'll receive the best performance available, and there is less chance of corruption or other issues arising from mismatched memory modules.
- Check Wi-Fi Signal Strength on Windows with PowerShell | Windows OS Hub
- Manage Playbooks and Inventories Easily with Ansible Tower
- AWS Inspector : A Guide to Discover Your Security Holes
- Linked: Most organizations that paid a ransom were hit with a second ransomware attack
- Was GE CEO Jack Welch bad for business? : NPR
- How to Troubleshoot Applications on Kubernetes
- ESXi Host Uptime using PowerCLI - buildVirtual
- Upgrade Kubernetes Cluster - Cheat sheet -
- Why web3 supposedly isn’t a scam ! even the horse knew
- Accounts Continued - Azure with PowerShell III - tommymaynard.com
- What Is the Kakeibo Method, and How Does It Save You Money? – BeingFrugal.net
- How Kakeibo Can Make You Rich Through Saving - Daybreak with Ray
- Shields Health Care hack may have exposed data for 2 million people | Engadget
- Tuning the OpenZFS write throttle | Delphix
- Robert Milkowski's blog: TrueNAS Scale and ZFS Write Throttling
- A Reply to Alex Danco: Revisiting MacLeod and the Three Ladders in the Wake of Trump – Michael O. Church
- Terraform Hangs Solved – Michael Ellerbeck
- What Is the Correct Soldering Temperature?
- Invoke-VMScriptPlus v3 - LucD notes
- At Your Fingertips - LucD notes
- Cloud-init - Part 5 - Running Containers - LucD notes
- Cloud-init - Part 4 - Running Scripts - LucD notes
- Cloud-init - Part 3 - Photon OS - LucD notes
- Cloud-init - Part 2 - Advanced Ubuntu - LucD notes
- Cloud-init - Part 1 - The Basics - LucD notes
- A Hitchhikers Guide to SRS 1.0.0 - LucD notes
- Feeding ACARS Data to Airframes.io
- aircraft
- Starlink stats for a year | Nelson's log
- Building a Budget Homelab NAS Server (2022 Edition) · mtlynch.io
- Handy Frameworks for Life - Wahl Network
- B – Begin the Planning – what do you want to do?
A – Arrange for Reconnaissance – what information do you need to complete your plan?
M – Make Reconnaissance – go get that information, repeat until 75%+ confident
C – Complete the Planning – complete your plan
I – Issue the Order – tell the people that need to know
S – Supervise – make sure it happens
- Beautiful Basics: Lesson 3 :: malicious.link — welcome
- How to Set Up SSH Passwordless Login (Step-by-Step Tutorial)
- Three-quarters of Security Pros Believe Current Cybersecurity Strategies Will Shortly Be Obsolete - Infosecurity Magazine
- “Boards must make sure CISOs have the budget necessary to get short-term issues under control and then begin planning a long-term business-wide strategy. Such a strategy should be supported by a standard operating model with robust processes and policies for the company’s entire supply chain. Every month of delay leaves businesses open to potentially crippling cyber-attacks,” stated Stuart Jubb, Group Managing Director at Crossword Cybersecurity plc, in a press release.
At present, cybersecurity pros believe companies are predominantly focused on short-term priorities, namely software verification and ransomware attacks. In the next 12 months, three-quarters of respondents stated that software verification would be a crucial focus, while 69% of those surveyed said they would transition to the cloud. Additionally, two-thirds (67%) of participants said they would focus on handling the threat of ransomware attacks.
“Tackling ransomware is a huge area of focus in the world of research, so I’m not surprised this scored highly in the survey,” said Muttukrishnan Rajarajan, professor of security engineering and director, Institute for Cyber Security, City, University of London, in a press release. “We are often commissioned to work on projects that focus just on this – an attack on one SME can cause a complete supply chain to grind to a halt as we saw with vulnerabilities introduced via the Log4J code libraries recently.”
- Booting cloud images with libvirt · The Odd Bit
- Kerberos authenticated queries to Active Directory · The Odd Bit
- Humble Bundle Download Links · GitHub
- Route48.org - Free IPv4 To IPv6 Tunnel Broker Service Plus Much More! - LowEndBox
- How To Monitor A Folder For Any Changes in PowerShell | KC's Blog
- Chris's Wiki :: blog/tech/TLSNowLimitedIntermediates
- Secure Your Secrets With Ansible Vault
- 5 Spring Cleaning Tasks That Will Save Money – BeingFrugal.net
- How to Show Line Numbers in Vi - buildVirtual
- set number
- Accounts - Azure with PowerShell II - tommymaynard.com
- It Begins - Azure with PowerShell I - tommymaynard.com
- Gluten Free Egg Free Chicken Schnitzel Recipe - Allergy Friendly Fried Breaded Chicken Cutlets | Penniless Parenting
- Royalty Free Images for Presentations – Philip Flint
- Everything You Need to Know about Linux Input-Output Redirection | Linux Journal
- Primer to Container Security | Linux Journal
- Do you want a car with wheels, brake or throttle? The Software development paradox! « Only Software matters
- Managers : Listen to your senior and experienced developers. Even prime-ministers have ministers and kings have consultants! (nobody is perfect)
Developers : Fight for your right to achieve perfection. Fight for your right to write code you’re proud of and creates less bugs (nobody is perfect)
Customers : Fight for your right to get high-quality software that meets your business requirements. It’s your money after all!
- Chaos Engineering Stories – Laurent Domb
- tmux – Stuff I'm Up To
- The Conclusive Netsh : Ultimate Guide
- Discovering the Ansible Hosts File
- The Essential Guide to Grafana Docker Monitoring
- Conquer Kubernetes Clusters with Ansible Kubespray
- Linked: Ransomware recovery costs dwarf actual ransoms
- A teaspoon of computing in every subject: Broadening participation in computer science - Raspberry Pi
- 'Blade Runner' composer and electronic music pioneer Vangelis dies at 79 | Engadget
- A Security Review of Docker Official Images: Which Do You Trust?
- Top 20 Dockerfile best practices for security – Sysdig
- Documentation Guide — Write the Docs
- Checklist Design - A collection of the best design practices.
- Checklist Design - A collection of the best design practices.
- A categorized list of all Java and JVM features since JDK 8 to 18 - Advanced Web Machinery
- PowerShell and the Windows Event Log » cyberfellabtc
- But where are the secret recipes? | Seth's Blog
- Should we teach AI and ML differently to other areas of computer science? A challenge - Raspberry Pi
- The control/responsibility matrix | Seth's Blog
- So You Inherited an AWS Account. A 30-day security guide for engineers… | by Matt Fuller | The Startup | Medium
- Best practices for securing Identity and Access Management on Amazon Web Services - Bridgecrew Blog
- The True Meaning of Technical Debt 💸 - by Luca Rossi
- GitHub - dwmkerr/hacker-laws: 💻📖 Laws, Theories, Principles and Patterns that developers will find useful. #hackerlaws
- How to Run Java Web Apps with Docker Containers - Sematext
- Top 10 CI/CD Security Risks
- CICD-SEC-1 Insufficient Flow Control Mechanisms
CICD-SEC-2 Inadequate Identity and Access Management
CICD-SEC-3 Dependency Chain Abuse
CICD-SEC-4 Poisoned Pipeline Execution (PPE)
CICD-SEC-5 Insufficient PBAC (Pipeline-Based Access Controls)
CICD-SEC-6 Insufficient Credential Hygiene
CICD-SEC-7 Insecure System Configuration
CICD-SEC-8 Ungoverned Usage of 3rd Party Services
CICD-SEC-9 Improper Artifact Integrity Validation
CICD-SEC-10 Insufficient Logging and Visibility
- Constructing a Feedback Vault - Wahl Network
- sysadvent: Day 12 - Terraform Refactoring
- sysadvent: Day 9 - 3 things parenting taught me about system administration
- Prioritize your health
Leverage the community
You can't eliminate all Snowflakes
- sysadvent: Day 2 - Reliability as a Product Feature
- sysadvent: Day 18 - Generating Compliance as Code for Terraform with InSpec-Iggy
- DevSec Hardening Framework · GitHub
- Doesn’t even need a plug on it any more… | The Angry Technician
- It’s a common complaint in school IT support departments that they are treated as general dogs-bodies there to help with any electrical appliance at all. VCRs, kettles, microwaves, desk lamps… the saying goes that “if it has a plug on it, it must be IT”.
Today set a new low for that sentiment, when I was asked to supply new AA batteries for an electric pencil sharpener.
- The Technium: 103 Bits of Advice I Wish I Had Known
- PowerShell Event Log Mining • The Lonely Administrator
- Custom CSV Import with PowerShell • The Lonely Administrator
- Get Windows Drivers Off Your Computer - The Grim Admin
- Export-WindowsDriver -Online -Destination C:\Drivers | Out-File -FilePath C:\Drivers\Drivers.txt
- 8 Examples of Sharing AWS Managed AD with Multiple Accounts from CLI and Console
- LDAPSearch Reference :: malicious.link — welcome
- A US college is shutting down for good following a ransomware attack | Engadget
- GitHub - pi-hole/pi-hole: A black hole for Internet advertisements
- Matt Ventura's blog » Blog Archive » OpenWRT on SR-IOV: Good Idea?
- Secure Your State With Terraform Backends
- Master In-Depth Security Audits with OpenSCAP
- Solarwinds Geek Speak - NetworkSherpa
- Include the why - NetworkSherpa
- ….if you always tell people why, they’ll understand it better, they’ll consider it more important, and they’ll be more likely to comply. Even if they don’t understand your reason, they’ll be more likely to comply.
So there’s an iron rule that just as you want to start getting worldly wisdom by asking why, why, why, in communicating with other people about everything, you want to include why, why, why. Even if it’s obvious, it’s wise to stick in the why.
- Linked: E-Waste Is a Cybersecurity Problem, Too
- “Shegerian: I once had a big, big bank call me up: “John, we’ve had a breach, but we don’t believe it’s phishing or software. We think it came from hardware.” I go out there and it turns out one of their bankers threw his laptop in the trash in Manhattan and someone fished it out. On that laptop was information from the many clients of the entire banking firm—and the bank’s multibillion-dollar enterprise. The liability, the data…God, just absolutely priceless.”
- Linked: The shortage of tech workers is about to become an even bigger problem for everyone
- Some Employers Have Not Figured Out The Job Market Changed
- Upgrade Log Insight using Ansible and Azure DevOps – Adventures in a Virtual World
- Encrypted gitops secrets with flux and age :: 🤠 Major Hayden
- Chris's Wiki :: blog/sysadmin/MonitoringTooHard
- WWoIT - Wayne's World of IT: More useful command-lines #4
- WWoIT - Wayne's World of IT: Exchange PowerShell Commands #2
- WWoIT - Wayne's World of IT: Useful PowerShell command-lines #2
- WWoIT - Wayne's World of IT: Resizing a VM's Windows system OS with Set-HardDisk
- Kubernetes best practices in Azure: AKS name space isolation and AAD integration
- Family Mission Statement :: malicious.link — welcome
- Beautiful Basics: Lesson 1 :: malicious.link — welcome
- Introducing Azure Firewall
- Security in the cloud - Disk encryption in Azure
- The cloud has got your back(up): A primer on Azure Backup
- Decoding Docker - Part 3 : Docker files
- Decoding Docker - Part 2
- Decoding Docker - Part 1
- Troy Hunt: Breach Disclosure Blow-by-Blow: Here's Why It's so Hard
- Install Elasticsearch on Ubuntu for Next Level Searching
- 4 Benefits of Sharing Your Parenting Experiences | Penniless Parenting
- Yaki Onigiri Recipe -- Grilled Japanese Rice Balls -- Gluten Free, Vegan, Allergy Friendly, and Frugal | Penniless Parenting
- How to Invest in Your Children’s Quality of Life | Penniless Parenting
- Internal SSL Certs with Let's Encrypt
- Installing TLS certificates on HP printers automatically – Peter Hicks' Blog
- seems to change every two or three printer generations. If you have a modicum of developer / debugging expertise, you can quickly deduce what the right one is for you if the above (or below) doesn’t work.
The magic incantation for some of the more modern HP printers is:
- Installing a LetsEncrypt certificate on an HPE iLO 5 – Peter Hicks' Blog
- Excellent LVM Tutorial for Beginners or Experts - A Random Walk Down Tech Street
- Understanding Block Storage in Amazon Web Services | davidstamen
- Chris's Wiki :: blog/linux/LibvirtHasBeenOkay
- The All-Flash Backup Fallacy - Architecting IT
- Looking forward to the future of modern backup storage - Architecting IT
- Kubernetes Clusters – Pets or Cattle? - Architecting IT
- Yubikey/Smartcard backed TLS servers
- SSL For Free - Free SSL Certificates in Minutes
- GitHub - djechelon/letsencrypthpeilo
- Healthcare facilities prime target for ransomware attacks | Born's Tech and Windows World
- Check_MK plugin: fail2ban « BenV's notes
- https://blog.benjojo.co.uk/post/lto-tape-backups-for-linux-nerds
- Going multipath without Multipath TCP
- Teaching a cheap ethernet switch new tricks
- Ghost in the ethernet optic
- The true cost of cybersecurity incidents | Born's Tech and Windows World
- Overview: TLS support in Windows | Born's Tech and Windows World
- Microsoft license comparisons | Born's Tech and Windows World
- Release notes: why and how?
- Understanding Block Storage in Microsoft Azure | davidstamen
- USENET Part 2: Spambots, Scientology Wars, and the Internet's First Deity - LowEndBox
- Every September, a flood of new users joined – university students who’d just arrived at school and been provisioned accounts. They generally barged in, breached netiquette, were swiftly corrected, and then integrated into the community. People groaned about “September coming” but it was not a major event.
However, once ISPs like AOL and Delphi and others opened up USENET to their users (circa 1993-94), there were a flood of users and they began coming in droves, regardless of the time of year. This was referred to as Eternal September and some feel it “blew up” the original USENET culture.
- Windows 10 20H2: January 2022 Updates breaks AGPM-Server | Born's Tech and Windows World
- Windows 11: A/B test shows watermark on unsupported systems | Born's Tech and Windows World
- Linux vulnerabilities patched fastest (Feb. 2022) | Born's Tech and Windows World
- The speed at which reported vulnerabilities were patched between 2019 and 2021 is interesting:
Linux: 15 days
Google: 44 days
Mozilla; 46 days
Apple: 69 days
Microsoft: 83 days
Oracle: 109 days
- COBOL market: Three times larger than expected | Born's Tech and Windows World
- The Technologies of War - with Part Numbers - LowEndBox
- Chris's Wiki :: blog/linux/PAMFilesLongtermProblem
- Windows 10 and 11: fTPM causes system stutter on AMD systems | Born's Tech and Windows World
- VMware Tools 12: New Version released (March 1. 2022) | Born's Tech and Windows World
- OpenSSH Suffered a "Near Miss" But is Now Post-Quantum - LowEndBox
- As good as it gets
- Hardened backup repository on Linux distro - Veeam setup - ESX Virtualization
- VMware issues Updated ESXi SD card USB Boot Device Guidance · vNinja.net
- Introducing Azure Hybrid Cloud Study Hall - Thomas Maurer
- Chris's Wiki :: blog/linux/Ubuntu2204SlowServerBoot
- PXE Boot RetroPie – Brian Brophy
- From MSRC API to ZDI chart | >_
- Modern Bank Heists 5.0: The Escalation from Dwell to Destruction - VMware Security Blog - VMware
- Terence Luk: Infrastructure as Code in 15 Minutes PowerPoint Presentation
- Sofabaton X1 Review - Is This The Harmony Killer We've Been Waiting For? | AV Gadgets
- OpenWRT + RPi4: failover and load balancing | Nelson's log
- OpenWRT on Raspberry Pi 4 | Nelson's log
- I scanned the whole country of Austria and this is what I've found
- Chris's Wiki :: blog/solaris/ZFSModernDiskPerformance
- Chris's Wiki :: blog/linux/SSDSomeWriteVolumes
- Chris's Wiki :: blog/sysadmin/NonHotswapDisksHassles
- Chris's Wiki :: blog/tech/HostFirewallsLimits
- Chris's Wiki :: blog/unix/PermissionsTwoMistakes
- Computers Are Bad
- Chris's Wiki :: blog/tech/TLSHasChangedALot
- Chris's Wiki :: blog/sysadmin/OurYubikeyToMFAMove
- Chris's Wiki :: blog/tech/TLSNoPlaceForOldThings
- Using PowerCLI to update DNS settings on VMware hosts - Notes of a scripter
- Doc Searls Weblog · Exitings
- How Not to Build a SOC - VMware Security Blog - VMware
- Mistake 1 – Start building your SOC before you know your ‘why’.
Mistake 2 – Gold plated tooling.
Mistake 3 – Build your SOC then hire your manager.
Mistake 4 – Open the SOC without SOPs.
Mistake 5 – Too much of the wrong data and not enough of the right data.
Mistake 6 – Don’t tune your SIEM for false positives.
Mistake 7 – Unclear escalations.
Mistake 8 – Unclear handoffs.
- An unattended installation of VMware Tools 12 generates a 2711 error - ivobeerens.nl
- MS SQL General Instance Information – Luka Gros
- VMware vSphere VM iPXE Boot without DHCP
- PowerShell – Check if process is running on multiple machines | geekdudes
- How Church & Dwight’s CISO used Feedly to track log4j in real time – Feedly Blog
- Succeeding through Laziness and Open Source | Dan Tehranian's Blog
- Career Advice I’d Give To 20, 30 and 40-Something Year Old Me | Ethan Banks
- Your life is at least half over. Stop wasting time doing things other people think is important.
- What is a Spoolbase? | enginoor
- Use SSH keys with Terraform on Azure · Development and DevOps
- Encrypting Login Credentials in Ansible Vault | Dan Tehranian's Blog
- Managing Secrets with Ansible Vault – The Missing Guide (Part 1 of 2) | Dan Tehranian's Blog
- Amazon EFS benchmarks | /contrib/famzah
- A Cognitive Skills Assessment of Digital Forensic Analysts – My Doctoral Dissertation | Chris Sanders
- From "War Games" to Network Policies
- eBPF - The Future of Networking & Security
- Debugging and Monitoring DNS issues in Kubernetes
- Announcing Hubble - Network, Service & Security Observability for Kubernetes
- Analyzing the CNI performance benchmark
- Ramdisks: Why You Might Enjoy One, Plus a Performance Puzzler - LowEndBox
- Stay Positive - VMware Security Blog - VMware
- Why Vulnerability Management is Key to Your Container Security Strategy - VMware Security Blog - VMware
- These challenges with container security include:
A growth in attack surface: It is no secret that there has been an extreme rise in the use of containers in recent years. As with any newer technology, security is often playing catch up to the creative ways attackers exploit containers.
Ephemeral nature of containers: Not only are containers themselves growing rapidly, but their average lifetime is less than 5 minutes. Development teams are constantly spinning up new containers and releasing them more frequently. This results in more entry points for attackers than ever before.
The use of third-party image registries: Third-party image registries provide many advantages and benefits for developers. As a result, attackers are finding ways to insert malicious code into the images of these registries
- How to hunt for Spring4Shell and Java Spring Vulnerabilities - VMware Security Blog - VMware
- It’s Time for CISOs to Decipher the Threat Actor Strategy - VMware Security Blog - VMware
- Creating Better Employee Experiences and Opportunities for Innovation | APMdigest - Application Performance Management
- Backdoor Roth IRA Contribution 2022: Tips and Vanguard Example Screenshots — My Money Blog
- How does data backup work? All you need to know to keep your data safe and sound - ITSMDaily.com
- Shell One-liners and Quick and Dirty Loops | hobo.house
- How to Make Aubergine Risotto | hobo.house
- How to Make Aubergine Risotto | hobo.house
- Quick and Dirty Remote Execution with Ansible | hobo.house
- Vegetarian Zucchini Pasta | hobo.house
- Hitting the Books: Raytheon, Yahoo Finance and the world's first 'cybersmear' lawsuit | Engadget
- ServiceNow Secures US DOD Impact Level-5 Provisional Authorization | APMdigest - Application Performance Management
- ServiceNow announced that the ServiceNow National Security Cloud (NSC) offering obtained a US Department of Defense (DOD) Impact Level 5 (IL5) Provisional Authorization.
- Microsoft Cloud Adoption Framework for Azure | Microsoft Azure
- StarWind Virtual Tape Library (VTL) - Another layer of protection against Ransomware - ESX Virtualization
- OCI as attestations storage for your packages - Marco Franssen
- Getting started with AWS from an Azure perspective | Jan Egil Ring powershell.no
- IT Stuff I Learned Today: I'm Back, with my Master Inventory Database methodology
- IT Stuff I Learned Today: Gathering Important NTP Settings with Powershell
- A Visual Journey Through The History Of Computing - krypted
- AWS EC2 vs Azure | Cloud Services Comparison | ServerWatch
- Russia's invasion of Ukraine has destroyed a historic computer museum | Engadget
- Your pocket-sized cloud with a Raspberry Pi
- DaaS Planning: Choosing the Right Delivery Model - Ask the Architect
- Defending Against Destructive Attacks Targeting Energy and Utilities - VMware Security Blog - VMware
- How to Backup and Restore Websites and IIS configuration? | Windows OS Hub
- Cloudflare CDN Reference Architecture | HumairAhmed.com
- Powershell tips n’ tricks Pt2 – HTML – Luka Gros
- Powershell tips n’ tricks Pt1 – Luka Gros
- K3s single-node cluster for noobs | Logan Marchione
- Check if Group Policy is Out of Date with PowerShell |
- Extraordinary benefits of using pi-hole on your network
- pfsense, suricata and RAM disk
- Tweaks for NGINX web server
- add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
add_header Content-Security-Policy "child-src 'self'";
add_header Referrer-Policy same-origin;
add_header Feature-Policy "vibrate 'self'; sync-xhr 'self' https://boratory.net";
- Painless Removable Media Backups...to the Cloud! - LowEndBox
- Ransomware Detection | How to Detect Ransomware Attacks
- Here are some methods of detecting ransomware attacks.
Use of privileged access management (PAM): PAM allows organizations to control, monitor, secure, and audit privileged identities and activities in an enterprise IT environment.
Isolate data: Isolation helps protect sensitive data. By isolating data via backups, you both protect your files and make it easier to detect strange network traffic that wouldn’t normally be directed towards the isolated data.
Make use of zero trust: Having zero trust policies in place makes it more difficult for hackers to escalate privileges that let them manipulate your network undetected.
Adaptive monitoring: By carrying out threat hunting, you assume your network has already been compromised and try to seek out and eliminate any present threats.
Use a cloud access security broker (CASB): CASBs allow organizations to set policies, manage risks, and monitor actions on their networks. This tool secures a full suite of cloud applications.
Sandbox testing: When working with new or unrecognized files, it is useful to test them out in a sandbox environment first before they are exposed to your network. This can prevent threats from harming your broader network.
Here are some ways to prevent ransomware that can be put into place even before the detection stage.
Keep software packages up to date: Updated software packages usually include fixes to the very security vulnerabilities that leave your company open to attack.
Implement measures in a user-friendly manner: If employees have to work too hard to follow security policies, the chances of them bypassing these measures increase.
Use multi-factor authentication (MFA): MFA helps to reduce the chances of there being unauthorized access to a company’s network, ensuring network access is only gained through the provision of at least two pieces of information. Typically, one of these is a password and the other is a one-time authorization code.
Educate employees on the importance of following security guidelines: By making sure staff is aware of the risks, they are more likely to follow security measures and stay vigilant for anomalies while using your network.
Implement an email spam filter: Many ransomware attacks begin with a malicious email. However, an effective spam filter can greatly reduce the risk of getting attacked by ransomware.
Backup critical data offline: Backing up in the cloud is convenient. However, having an isolated offline backup is a great way of ensuring potential ransomware attackers are unable to compromise your data.
Restrict and secure personal devices: Personal devices have the potential to easily introduce threats to a network. They may not be subjected to the same careful scrutiny that office devices are, which can give attackers an easy pathway into your network.
- AZ-800 Exam Study Guide Administering Windows Server Hybrid Core Infrastructure - Thomas Maurer
- Learn More About ipv6 with Hurricane Electric's Free Certification Program - LowEndBox
- VMconf 22: Blindspots in the Knowledge Bases of Vulnerability Scanners | Alexander V. Leonov
- Yes, you can measure cybersecurity efficacy | CSO Online
- “We show that knowledge-based challenges prevent as few as 10% of hijacking attempts rooted in phishing and 73% of automated hijacking attempts. Device-based challenges provide the best protection, blocking over 94% of hijacking attempts rooted in phishing and 100% of automated hijacking attempts.”
- Product Update: Release 4.1
- Cybersecurity researchers trace Lapsus$ attacks to a teenager from England | Engadget
- Doc Searls Weblog · The frog of war
- Deploy Elasticsearch and Kibana on Kubernetes with Helm | Lisenet.com :: Linux | Security | Networking
- Upgrading Homelab Kubernetes Cluster from 1.22 to 1.23 | Lisenet.com :: Linux | Security | Networking
- Book Review: Container Security – Adventures in the programming jungle
- 7 ways to build slimmer/lighter (Linux) containers – Adventures in the programming jungle
- 1. Use the lighter base image as possible
2. Use multi-stage build
3. Deactivate the package manager cache
4. Minimize the number of RUN, COPY, ADD instructions
5. Use the squash flag of docker/podman build
6. Use .dockerignore to filter the content of Docker build context
7. Use external tools
- Building Qemu KVM Images with Packer | Lisenet.com :: Linux | Security | Networking
- Best Microsoft Azure Certifications 2022 | ServerWatch
- Law enforcement pressure forces ransomware groups to refine tactics in Q4 2021
- Get Started With Monitoring in this Grafana Tutorial
- An Important Elevation of Privilege Vulnerability was addressed in the Veeam Agent for Microsoft Windows - The things that are better left unspoken
- Veeam addressed three remote code execution vulnerabilities in Veeam Backup & Replication (CVE-2022-26500, CVE-2022-26501, CVE-2022-26504) - The things that are better left unspoken
- 20 Things You Forgot About Giving Speeches In Person | The Notes Guy in Seattle
- Fast recap:
Always shake hands before leaving the stage
Take your name tag off before going on stage
Pause before you start speaking
Get familiar with how the timing works
Be prepared to take notes
Stand up
Use your whole body and dress appropriately from head to toe
Use the whole stage
As you use the stage, time should flow from Audience’s Left to Right
Take advantage of Positional Reference
Make eye contact naturally, deliberately, equally Front/back/left/right
Hold eye contact for one sentence with any one person
Don’t look at the ground
Don’t turn your back
There’s no screen to hide or share and no virtual backgrounds
Project your voice so the person at the back can hear you without straining
Take advantage of the dynamic possibilities of live voice
Talk to the audience, not the PPT
There is no forgetting to unmute the mic
Know your speech.
Applaud loudly!
- CISA Tabletop Exercises Packages | CISA
- Capture and Restore Active Power Configuration |
- I wrote this script to run during an operating system upgrade, you can capture the current Power Config and store it to the system drive.
# Capture Active Power Scheme GUID
$currentPowerSettings = POWERCFG /GETACTIVESCHEME
# Sanitize the variable to just the GUID
$currentPowerSettings = $currentPowerSettings -replace "Power Scheme GUID: ",""
$currentPowerSettings = $currentPowerSettings -replace " (.*)",""
# Write GUID of Saved Power Config to File for Restore Script
Set-Content -Path $env:SystemDrive\$env:COMPUTERNAME.PowerGUID.txt $currentPowerSettings
# Export to the root of the System Drive with the active GUID.
Start-Process "POWERCFG" -ArgumentList "/EXPORT $env:SystemDrive\$env:COMPUTERNAME.pow $currentPowerSettings" -Wait -WindowStyle Hidden
Then after the system has upgraded, you can run the following command to restore the Power Config.
# Retrieve saved GUID of Power Config
$powerGUID = Get-Content "$env:SystemDrive\$env:COMPUTERNAME.PowerGUID.txt"
# Import and Set the Power Config to Active
Start-Process "POWERCFG" -ArgumentList "/IMPORT $env:SystemDrive\$env:COMPUTERNAME.pow" -Wait -WindowStyle Hidden
Start-Process "POWERCFG" -ArgumentList "/SETACTIVE $powerGUID" -Wait -WindowStyle Hidden
# Cleanup Power Config
Remove-Item "$env:SystemDrive\$env:COMPUTERNAME.pow" -Force
Remove-Item "$env:SystemDrive\$env:COMPUTERNAME.PowerGUID.txt" -Force
- Asking the Oracle, "Is 'Always Free' the future of the Low End?" - LowEndBox
- Getting Big Things Done - Marc's Blog
- A Plea for Clarity in IT Writing | APMdigest - Application Performance Management
- Incident Response Isn't Enough - Marc's Blog
- Focus on the Good Parts - Marc's Blog
- Reading Research: A Guide for Software Engineers - Marc's Blog
- The Essential Barbara Liskov - Marc's Blog
- Using VMware vSphere Update Manager with PowerCLI | 4sysops
- 1U Raspberry Pi Rack Mount Bracket – CubicleNate's Techpad
- Security ratchet
- Matt Ventura's blog » Blog Archive » Goodisory SR01: Almost-Perfect Router Case
- Goodisory SR01
- Run a UNIX command for a limited amount of time | ma.ttwagner.com
- Force Replication of all Domain Controllers on all Sites – Mohammed Wasay
- function Replicate-AllDomainControllers {
(Get-ADDomainController -Filter *).Name | Foreach-Object {repadmin /syncall $_ (Get-ADDomain).DistinguishedName /e /A | Out-Null}; Start-Sleep 10; Get-ADReplicationPartnerMetadata -Target "$env:userdnsdomain" -Scope Domain | Select-Object Server, LastReplicationSuccess
}
Replicate-AllDomainControllers
- ESXi Host Patching with PowerShell & Update Manager – Euro * Brew
- IDC FutureScape: Top 10 Predictions for the Future of Digital Infrastructure | APMdigest - Application Performance Management
- The top 10 predictions from the Worldwide Future of Digital Infrastructure 2022 report are:
Prediction 1
By 2023, G2000 leaders will prioritize business objectives over infrastructure choice, deploying 50% of new strategic workloads using vendor-specific APIs that add value but reduce workload portability.
Prediction 2
In 2023, over 80% of the G2000 will cite business resiliency to drive verifiable infrastructure supply chain integrity as a mandatory and non-negotiable vendor evaluation criterion.
Prediction 3
By 2023, most C-suite leaders will implement business critical KPIs tied to data availability, recovery, and stewardship as rising levels of cyber-attacks expose the scale of data at risk.
Prediction 4
By 2024, 75% of G2000 digital infrastructure RFPs will require vendors to prove progress on ESG/Sustainability initiatives with data, as CIOs rely on infrastructure vendors to help meet ESG goals.
Prediction 5
By 2024, due to an explosion of edge data, 65% of the G2000 will embed edge-first data stewardship, security, and network practices into data protection plans to integrate edge data into relevant processes.
Prediction 6
By 2025, a 6x explosion in high dependency workloads leads to 65% of G2000 firms using consistent architectural governance frameworks to ensure compliance reporting and audit of their infrastructure.
Prediction 7
By 2025, 60% of enterprises will fund LOB and IT projects through OPEX budgets, matching how vendors provide their services with a focus on outcomes that are determined by SLAs and KPIs.
Prediction 8
By 2025, 70% of companies will invest in alternative computing technologies to drive business differentiation by compressing time to value of insights from complex data sets.
Prediction 9
By 2026, 90% of G2000 CIOs will use AIOps solutions to drive automated remediation and workload placement decisions that include cost and performance metrics, improving resiliency and agility.
Prediction 10
By 2026, mid-market companies will shift 65% of infrastructure spending from traditional channels towards more app-centric trusted advisors.
- iPod 5th gen SSD upgrade - My Wired House
- Setting up a Used Tyan S7012 - My Wired House
- Group policies update/refresh without gpupdate.exe | >_
- Get-ScheduledTask -TaskPath '\Microsoft\Windows\GroupPolicy\' |
Where-Object { $_.Actions.Arguments -match 'computer' } |
Start-ScheduledTask
- Get CISA vulnerabilities report | >_
- Vertical Pod Autoscaling: The Definitive Guide - Povilas Versockas
- Kubernetes Node Local DNS Cache - Povilas Versockas
- Reliably rebooting Ubuntu using watchdogs - Philipp's Tech Blog
- Using Let's Encrypt for internal servers - Philipp's Tech Blog
- Can I Upgrade Veeam 10 to Veeam 11? | PeteNetLive
- PowerCLI to list Template Info - Notes of a scripter
- Ssh automate with public keys - Notes
- 1.Gen key on local box
ssh-keygen -t rsa -C “youremail@example.com”
2.On the server create a user
adduser newuser
cd ~
mkdir .ssh
chmod 700 .ssh
touch .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
vim .ssh/authorized_keys
Add contents of id_rsa.pub in this file and save it
3.Run ssh-agent on local box
eval `ssh-agent -s`
ssh-add ~/.ssh/id_rsa
4.On localbox execute
ssh user@servername
- Shell file - create a timestamped name for a log... - Notes
- NOW=$(date +“%F-%T”)
MYFILE=$NOW’.txt’
- VPS disk performance, Digital Ocean vs Linode part II
- VMWare ESXi: Errno 28 — No space left on device | Windows OS Hub
- How to Automatically Fill the Computer Description in Active Directory? | Windows OS Hub
- Click the Show Files button and create a FillCompDesc.ps1 file with the following code:
# write information about the computer hardware/model in the Description field in Active Directory
$computer = $env:COMPUTERNAME
$computerinfo= Get-WMIObject Win32_ComputerSystemProduct
$Vendor = $computerinfo.vendor
$Model = $computerinfo.Name
$SerialNumber = $computerinfo.identifyingNumber
$DNSDOMAIN= (Get-WmiObject -Namespace root\cimv2 -Class Win32_ComputerSystem).Domain
$ComputerSearcher = New-Object DirectoryServices.DirectorySearcher
$ComputerSearcher.SearchRoot = "LDAP://$("DC=$(($DNSDOMAIN).Replace(".",",DC="))")"
$ComputerSearcher.Filter = "(&(objectCategory=Computer)(CN=$Computer))"
$computerObj = [ADSI]$ComputerSearcher.FindOne().Path
$computerObj.Put( "Description", "$vendor|$Model|$SerialNumber" )
$computerObj.SetInfo()
- Enable SMB Compression for Fast File Transfers on Windows 11/ Windows Server 2022 | Windows OS Hub
- What is SSPI – Security Support Provider Interface? | Electric Monk
- GitHub - dvdstore/ds3: DVD Store version 3
- Kali: Essential terminal commands | Networknet.nl
- readlink -f
xxd <filename> | head
- Effective Open vSwitch Benchmarking Using the Open Source MoonGen Traffic Generator - Netronome
- Freelancers Are 50% Better at This One Skill Than Full-Time Employees | The Motley Fool
- people who are freelance workers, people who are self, that are basically consulting and working on a temporary basis with companies, actually upskill themselves 50% more than full-time employees.
- Creating a DICOM Router in 15 minutes using Mirth Platform | Rady's Inspirations
- New – Customer Carbon Footprint Tool | AWS News Blog
- Zero Trust: Encrypt all communication - Ask the Architect
- Zero Trust Network Access (ZTNA) solution
- Notes on Berkshire Hathaway 2021 Annual Letter to Shareholders by Warren Buffett — My Money Blog
- Operating System Containers vs. Application Containers - RisingStack Engineering
- Does a Container Image Have an OS Inside
- Cyberattack forces Toyota to suspend vehicle production in Japan | Engadget
- Ethernet co-inventor David Boggs dies at 71 | Engadget
- How to Use Debug Module in Ansible Playbook
- Stop Using Production Data For Development - Thomas LaRock
- My Fourth Year as a Bootstrapped Founder · mtlynch.io
- Backup Azure Firewall with virtual wan #Azure #SDWAN #Backup #Runbook – Robert Smit MVP Blog
- The Top Technical Skills You Need to Be an SRE in 2022 | DEVOPSdigest
- ""There are two: firstly, being able to instrument and teach others to instrument observability into digital products and services along with the ability to leverage multiple monitoring streams to discover problems and reduce MTTR quickly. Second, being able to automate onerous and wasteful tasks out of the value stream's processes.""
"It may not be a technical skill per se, as I'd say it's a shift in how we look at software development where we no longer pass our work to the production environment and let somebody else maintain it. The shift encompasses looking at software development as a one-off fire-and-forget type of work to continuous work on one service or product where people who develop a product also need to think about how THEY will maintain the product or service at hand. It is a different paradigm in my opinion."
"An SRE understands the entire process, from idea to delivery, and can work at any stage. They also support the culture through learning, and leading teams to find their own problems early. "
"Site reliability engineer (SRE) is someone who is constantly analyzing every change for its risk and what its impact could be down the road, not just today. "
""There isn't just one technology/tool that SRE needs to know to perform his responsibilities properly. He needs to be proficient in one or more areas mentioned below:
a. Utility development: SREs are responsible for development's utilities. Hence they need to know at least one programming language. Automation testing is also a part of it.
b. Infrastructure: Varied tools in DevOps area, e.g., GitHub, API gateway, CI/CD tools
c. Security: security-related tools.
d. APM: Application performance management process tools.""
"While there are a number of technical skills that are needed to be developed for a site reliability engineer, I would insist on picking up the aspect of knowing about Containers and Microservices that would be more impactful to organizations."
- How to Upgrade VM Hardware Version in VMware ESXi? | Windows OS Hub
- Charlie Munger Daily Journal Annual Meeting 2022 Full Video, Full Transcript, and Highlights — My Money Blog
- What's the Great Upgrade and How Could It Affect Your Company? – Ideas
- Detecting Log4Shell with Wazuh - Unix / Linux the admins Tutorials
- Biden Signs Memo on Cybersecurity - Lawfare
- Ask the Readers: Resources for Writing a Will?
- University of the People: Tuition-Free, Accredited Online Degrees in Computer Science, Business Administration (MBA), Education (M.Ed.) — My Money Blog
- The Four Core Types of Regrets + Thoughts on Financial Regrets — My Money Blog
-
In the book, Pink identifies these four core types of regret:
Foundation regrets involves an irresponsible choice that changed the course of your life. This includes not saving enough money for retirement, not taking care of your health by eating well and exercising, or not putting in proper effort at school or work.
Boldness regrets come from being too cautious, and not taking certain risks. This includes staying in a “safe” job instead of going for a career changes more suited to you, or not asking out someone you liked on a date.
Moral regrets are when you don’t live up to your own values. You cheated, bullied, lost your temper, or didn’t stand up for something.
Connection regrets deal with lost relationships with family members, friends or colleagues. Too often, this happens due to neglect and passivity.
- 8 Cybersecurity Tips to Stay Protected in 2022
- Use Strong Passwords and a Password Manager
Use Two-Factor Authentication (2FA)
Double-Check That Link Before You Click
Use a VPN When On Public Wi-Fi
Keeps Apps and Devices Up-to-Date
Don’t Jailbreak Your iPhone
Don’t Store Sensitive Info on Your Phone (and Always Use a Passcode Lock)
Use Privacy-Focused Apps
- PowerShell - How to Copy a File if it Exists - buildVirtual
- What is ZTNA? Start at the Beginning with Zero Trust - Ask the Architect
- here are 7 principles of Zero Trust.
Everything is considered a resource: Within my house, I applied these principles to food, water, toilets, beds, computers, TV, people…
All communication must be encrypted: Everything we say must be in code. Unfortunately, Alexa no longer understands me and I feel like an idiot talking to my toilet.
No one is trusted: Let’s just say that dinner time has become a tense situation.
Access to resources are enforced with dynamic identification policies: Based on the situation, how you prove your identity changes. My family was outside in -20F temp. Let’s just say they were not happy while I made them each prove their identity (I had to sleep on the couch that night).
Access to resources are on a per session basis: You want access to the bathroom… Granted. You want access to the toilet… Denied (I decided it is now safer to sleep in my car)
Access to resources is enforced with dynamic policies: Certain people are unable to get access to WiFi resources afterhours or if they haven’t earned it. (They were unable to get access to Disney+ when the next episode of Boba Fett came out. My key to the front door no longer works)
Actions are monitored: I set up cameras throughout the house to monitor activity. (I tell you, these cameras I bought are JUNK. Every single one broke on the first day. I need to leave a bad review on Amazon. Too bad I can’t get onto WiFi anymore)
- Windows Server Windows Update using CLI (Command Prompt) and "sconfig" - The Tech Journal
- 11 'Avconv' Commands to Record, Convert and Extract Videos & Audios from Linux Terminal
- Securing Kubernetes at the Infrastructure Level - Container Journal
- Bottlerocket
- 5 Ways to Improve Linux User Account Security
- 1. Restrict Root Account Access
2. Set Expiration Dates on Accounts
3. Improve Account Password Security
4. Remove Unused User Accounts
5. Restrict Remote Access to a Specific User Group
- Understanding TCP/IP Port Numbers | Alexander's Blog
- 7 Best Free and Open Source Status Page Systems - LinuxLinks
- Ransomware as a Service Innovation Trends to Watch
- How to use Azure proximity placement groups #Azure #SAP #Latency – Robert Smit MVP Blog
- Big List of Social Security Tools: Best Time to Start Claiming Social Security Benefits? — My Money Blog
- Ansible Reboot Plugin for Linux - Sam Doran
- Performance Tuning Ansible Playbooks - Sam Doran
- Grafana Weather Dashboard using InfluxDB and an ESP32 - In-Depth Tutorial - The DIY Life
- Why you want labels for software, just like for food | Stop at Zona-M
- 5 ways to make your Ansible modules work faster | Enable Sysadmin
- dnstop - Monitor and display DNS server traffic on your network - nixCraft
- CERIAS Expert Explains the Effect of the Log4J Vulnerability - CERIAS - Purdue University
- Santiago Torres-Arias
- Switching from OpenNTPd to Chrony - anarcat
- Allowing 'root cause analysis' - SysAdmin1138 Explains
- Deploying HP BIOS Updates – a real world example
- Web UI Testing Made Easy with Zalenium
- DNF Guide For Beginners With 20 Examples | LinuxTeck
- CVE-2021-4034, polkit, and VMware - VMware Security Blog - VMware
- VMware ESXi 7.0 Update 3c’s cURL version is vulnerable - The things that are better left unspoken
- Erman Arslan's Oracle Blog: Database-- Redo Transport Compression Custom Method
- Backup And Restore Application Settings With Mackup In Linux - OSTechNix
- How to Use the Terraform Command Line Interface (CLI) on Ubuntu
- 12 Best Practices for Writing Bash Scripts
- Commenting
Working With Functions
Reference Variables With Double Quotes
Terminating Script On Error
Terminating Script On Undeclared Variable Uses
Declaring Variables
Use Curly Braces
Command Substitution
Variables Naming Convention
Declare Static Variables
Comparing Strings
Script Debugging
- How to Check Docker Logs [Stored or Real Time]
- How to use LUKS with a detached header - Linux Tutorials - Learn Linux Configuration
- Moxie Marlinspike >> Blog >> My first impressions of web3
- WebAuthn – the future of strong user authentication – Mikail's Blog
- Use PowerShell to Edit a CSV, Revisited - tommymaynard.com
- I am TechNet Gallery Years Old, Part III - tommymaynard.com
- I am TechNet Gallery Years Old, Part II - tommymaynard.com
- I am TechNet Gallery Years Old - tommymaynard.com
- Google Online Security Blog: ClusterFuzzLite: Continuous fuzzing for all
- Resolving a sector offset to a logical volume – The ongoing struggle
- Why I Achieved an MBA From WGU | neckercube.com: Jedadiah Casey
- In either case, the individual’s culmination of experience and dedication makes them excel in their field, not a piece of paper.
- The Process Will Save You | The Networking Nerd
- ITIL didn’t really become a popular thing until after I left IBM but I’m sure if I were still there I’d be up to my eyeballs in it right now. Because ITIL was designed to keep keyboard cowboys like me from doing things we really shouldn’t be doing. Change management process are designed to save us at every step of the way and make us catch our errors before they become outages. The process doesn’t exist to make our lives problematic. That’s like saying a seat belt in a car only exists to get in my way. It may be a pain when you’re dealing with it regularly but when you need it you’re going to wish you’d been using it the whole time. Trust in the process and you will be saved.
- Live or Dynamic Dashboard & Charts in SQL Developer Web
- Oracle SQLcl: All the pretty colors for your console.
- Getting Started With Threat-Informed Security Programs
- Are SSH Keys Passwords? Yes, Here’s Why | Teleport
- The Log4j Flaw Will Take Years to be Fully Addressed
- Log4j: A CISO's Practical Advice
- 1. Lead with empathy and reach out to your security circles.
2. Get the clearest possible understanding of what's happening in your environment.
3. Identify your true partners and make changes to those you do business with.
4. Share threat intelligence data without marketing in mind.
- Preemptive Strategies to Stop Log4j and Its Variants
- Tip 1: Build automation into your cloud security processes.
Tip 2: Remove as much human intervention as possible.
Tip 3: Take a zero-trust approach to security.
Tip 4: Assume nothing!
- New Log4j Attack Vector Discovered
- How Risky Is the Log4J Vulnerability?
- Timely Questions for Log4j Response Now — And for the Future
- If your organization is currently using SBOMs to help prioritize Log4j response, consider the following time-sensitive questions:
Given that we know SBOMs will take a while to catch on with vendors, how are you balancing risks of missing key vulnerable assets early when directing limited staff?
What is your plan for finding vulnerable applications that either lack SBOMs or have inaccurate SBOMs?
If all SBOMs were perfect, what else about your process that's under your control would you improve after this Log4j response?
For your after-event lessons-learned debriefs, how will you address your vendors who didn't have an SBOM and didn’t proactively communicate their Log4j status to you but were found to be vulnerable in testing?
Do you have a way to flag every product in your environment that lacks an SBOM? What mechanism do you have to ensure parallel testing in future events like this?
Are you benchmarking your response capabilities? Some elements to measure include:
Speed: Were all your organization's assets checked and fixed, or verified as unaffected?
Efficiency: Were the vulnerable assets of highest organizational value addressed first?
Information sources: What was your rate of using SBOMs to prioritize your remediation efforts versus other sources of timely information — e.g., the Internet or your vendors telling you, or your own testing?
- Companies Must Assess Threats to AI & ML Systems in 2022: Microsoft
- Analysis: Log4j Vulnerability Highlights the Value of Defense-in-Depth, Accurate Inventory
- Attackers Target Log4j to Drop Ransomware, Web Shells, Backdoors
- 40% of Corporate Networks Targeted by Attackers Seeking to Exploit Log4j
- How Sun Tzu's Wisdom Can Rewrite the Rules of Cybersecurity
- The simplest way to avoid an attack is to minimize the attack surface. To accomplish this, you need to:
Eliminate your external attack surface by migrating to cloud-delivered zero-trust access with an outbound-only access model.
Reduce internal attack surface by leveraging zero-trust user-to-app segmentation for private apps.
Minimize individual endpoint attack surface by protecting end-user Internet traffic.
Reduce the data attack surface with software-as-a-service (SaaS) controls such as a cloud access security broker (CASB), data loss prevention (DLP), and other solutions.
- Reddit’s Allison Miller builds trust through transparency | CSO Online
- Kraft Heinz dishes up security transformation | CSO Online
- Osmedeus Next Generation - A Workflow Engine for Offensive Security
- The Proverbial HR Exit Walk – But What About the Data? | CSO Online
- My top takeaways
The rapid shift of vast amounts of data from inside corporate walls to home PCs, Dropbox accounts, and Google Drives over the past 15 months has magnified the problem.
With record numbers of people on the lookout for new opportunities right now and statistics showing that most stay in the same industry, the risk of trade secret exposure is especially high.
"All the security tools we’ve used historically were designed to block access. That flies in the face of what CIOs want to do today, which is share.” (Joe Payne, Code42 CEO)
“The good news is that data exfiltration is usually unintentional. But intent matters less than outcomes.” (Paul Gillin, Technology Journalist, Computerworld)
- Avery Dennison overhauls DLP program in enterprise-wide effort | CSO Online
- DataSafe enlists all employees in an enterprise-wide effort to protect company data by asking them to consider the safeguards needed from the time a file is created through all its stages of use. DataSafe then combines its human resources with well-articulated controls and intelligent security software, completing the lauded people-process-technology framework for transformation.
- How CISOs escape the cost center trap | CSO Online
- Cultivate allies in the business
Accentuate the positive
Quantify the value security delivers
Make security a differentiator
- California state CISO: the goal is “operating as a whole government” | CSO Online
- Four Tips To Build Security Into Your Accidental Multi-cloud | CSO Online
- 1. Approach multi-cloud, every cloud, in a holistic manner when it comes to security. Cloud ultimately is about delivering business results via application lifecycles. Security needs to follow the applications everywhere they go and where they reside.
2. Leverage a platform, fabric, or mesh approach to security. The building blocks of a successful platform security infrastructure include:
complete visibility into the network and entire infrastructure.
knowledge, gained by the use artificial intelligence (AI) and automation tools to gather, analyze, correlate, and make sense of all data.
control, which requires distributing policies, federating enforcement, and taking action whenever and wherever needed to minimize the impact of a threat. Consistency and visibility matter most when it comes to cloud security.
3. Understand that the cloud is fluid and expansive, and choose solutions that enable flexibility to meet those needs, especially those integrated with a broad ecosystem of technologies.
4. Choose solutions that work well together. A critical need for most organizations to successfully drive digital innovations into and across clouds is to leverage a comprehensive cybersecurity platform.
- 5 IT risk assessment frameworks compared | CSO Online
- The seven RMF steps are:
Prepare, including essential activities to prepare the organization to manage security and privacy risks.
Categorize, which involves sorting systems and information that’s processed, stored, and transmitted based on an impact analysis.
Select, which is selecting the set of NIST SP 800-53 controls to protect systems based on risk assessment;
Implement, deploying the controls and documenting how they are deployed.
Assess, to determine if the controls are in place, operating as intended, and producing the desired results.
Authorize, where a senior executive makes a risk-based decision to authorize the system to operate.
Monitor, which involves continuously monitoring control implementation and risks to systems.
- 4 tools to prevent leaks in public code repositories | CSO Online
- Gitleaks
GittyLeaks
SpectralOps
GitGuardian
- Helping Healthcare Win Its Other Big Battle: Cyberattacks | CSO Online
- This far-from-exhaustive list illuminates the range of data needed to create continuous care and reduce the potential size of a healthcare organization’s threat surface area.
Electronic health records (EHRs) — Digital medical charts, medical history, lab and test results, and other data
Patient or disease registries — Databases containing the clinical outcomes for patients who share a specific diagnosis or condition
Claims data — Billing codes data submitted by healthcare providers to insurance companies
Health surveys — Data collected by public health organizations to assess public health risks and that inform public health policy and practice
Picture archiving and communication system (PACS) — Data generated by a medical imaging device (such as a CT or MRI scan) that is archived for access by physicians, researchers, or other authorized medical staff
Clinical trial data — Data on the results of clinical studies, private or public, used in the development of medical devices, pharmaceuticals, and other innovations
- 6 security analyst certifications to advance your career | CSO Online
- Security+
CySA+
Certified Ethical Hacker (CEH)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Systems Auditor (CISA)
Certified Information Systems Security Professional (CISSP)
- How Learning Linux Will Improve Your Software Testing
- Security analyst resume: 8 tips to help you stand out | CSO Online
- Focus on processes over tools
Estimate the percent of time spent on key tasks
Hands-on experience is a must
Aim for the cloud
Don’t overlook volunteer activities
Consider including salary, visa, and location requirements
List the certifications and skills you’re pursuing, not just the ones you have
Prioritize experience over education credentials
- What CISOs can learn from the US Navy insider who stole nuclear secrets | CSO Online
- ITFlow
- MSP
- China's Personal Information Protection Law (PIPL) presents challenges for CISOs | CSO Online
- The four stated objectives of the PIPL are:
Protect the rights and interests of individuals
Regulate personal information processing activities
Safeguard the lawful and "orderly flow" of data
Facilitate reasonable use of personal information
- 13 traits of a security-conscious board of directors | CSO Online
- 1. Does the board have at least one security expert?
2. Does the board ask good questions?
3. Does the board’s chain of command and reporting structure put the CISO in a position of authority?
4. Does the board conduct regular and detailed risk assessments?
5. Does the board have security-focused subcommittees?
6. Does the board meet regularly with the CISO?
7. Are the IT budgets and cybersecurity budgets presented to the board together?
8. Does the board integrate security concerns into all its discussion?
9. Does the board receive security training?
10. Does the board practice sound cybersecurity hygiene in its own communications?
11. Does the board use benchmarks to measure security preparedness?
12. Does the board make a determined effort to drive security culture throughout the company?
13. Does the board create a climate of open, honest information sharing?
- Best practices for building images that pass Red Hat Container Certification | Red Hat Developer
- Linux and Cloud Native Security: Red Hat’s Perspective – The New Stack
- jmtd → log → Frictionless external backups with systemd
- A security practitioner's take on CISA’s Incident and Vulnerability Response Playbooks | CSO Online
- Preparation
Detection and analysis
Containment
Eradication and recovery
Post-incident activity
Coordination
While the IR playbook’s preparation phase directs agencies to align with Sec. 8 of the EO, it doesn’t go into enough detail regarding third-party service providers and partners that make up the broader ecosystem and supply chain. The reality is that today’s FECB as well as commercial organizations are using tens to hundreds of external service providers, especially when you account for cloud, particularly software as a service (SaaS). These external service providers often support critical business functions and store sensitive data, and logging from these sources is required to perform comprehensive IR activities. - Kronos highlights this.
- NIST gears up for software security and IoT labeling pilot programs | CSO Online
- Descriptive attestations that identify who is making claims about information within the label, what the label applies to, when the attestations were made, and how a consumer can obtain other supporting information required by the label
Secure software development attestations, which in essence contain information on the recommended secure software development practices that were employed
Critical cybersecurity attributes and capability attestations that describe features expressed by the software resulting from implementing a secure software development process
Data inventory and protection attestations that highlight how data are stored, processed, or transmitted by the software
- Container Security: Definition, Best Practices, and Examples | CSO Online
- cloud workload protection platforms (CWPP) tools are favored for their ability to secure workloads across container-based platforms and cloud environments in a consistent manner, reducing the complexity of container security. They check for vulnerabilities in static code, perform system hardening, and identify workload misconfiguration, all of which can help to reduce security risk. However CWPP tools can be challenging to configure, especially in ephemeral environments. They only provide security at a workload level, not at the data or application layer.
Many organizations prefer this option to CWPP tools as NDR offers many of the same benefits plus enhanced visibility, threat detection, and response across cloud workloads. NDR also offers container runtime security and application layer visibility.
- Log4j Vulnerabilities : My Random Thoughts
- Managing Ansible with AWX - Part I - Installation on Minikube - Blog dbi services
- Log4j mitigation advice for Microsoft security and IT admins | CSO Online
- Improving Software Supply Chain Security with DevSecOps | CSO Online
- A secure software supply chain can provide needed guardrails that accelerate and enforce the right behaviors in key areas:
Security: Applications have defenses to protect them from malicious actors.
Compliance: Applications adhere to required controls.
Privacy: Applications protect sensitive information that should not be shared.
Transparency: Applications produce metadata—for example, about health and security posture—so that software behavior is observable and verifiable.
- Install Security Patches or Updates Automatically on Rocky or AlmaLinux 8
- How to Create & Manage SSH Keys on Linux Machines - JumpCloud
- Shaark: Keep your bookmarks and data in one place
- 16 Practical and Useful Examples of Echo Command in Linux
- Fastly Outage Illustrates Importance of Testing in Production | APMdigest - Application Performance Management
- Use Ansible tags to save time on playbook runs | Enable Sysadmin
- Change management: 9 ways to build resilient teams | The Enterprisers Project
- 1. Understand what resilience is – and is not
2. Unpack the impacts
3. Talk less, listen more
4. Promote psychological safety
5. Build communities and connections
6. Help others reframe
7. Protect your people
8. Model adaptability
9. Maintain these efforts long-term
- Automation by the numbers: 11 stats to know | The Enterprisers Project
- 11 statistics on the state of automation
(61 percent) of respondents said they’re worried that automation (of all types) is putting many jobs at risk in the future.
X=Y - X represents “time spent on current tasks at work by humans” and Y represents “time spent on current tasks at work” by machines. Those numbers will be more or less equal in 2025
97 million vs. 85 million: estimates that 85 million jobs will be displaced as a result of that shift in the division of work, with more of it moving to machines. That said, the report also predicts the creation of around 97 million new roles as a result of the same shift toward automation.
77 percent of respondents said they’re “ready to learn new skills or completely retrain,” and 40 percent of people reported “successfully improving their digital skills” during the pandemic.
Approximately one-quarter of respondents in O’Reilly’s AI Adoption in the Enterprise 2021 report indicated “mature” AI initiatives, defined in this context as having revenue-generating AI in production.
35 percent: That’s the percentage of organizations in the O’Reilly report that are actively evaluating AI, meaning they’re running a trial or proof of concept. Another 26 percent said they’re “considering” AI but haven’t started any formal work. Just 13 percent said they’re not using AI now and aren’t considering doing so in the foreseeable future.
1: The #1 challenge for these organizations is hiring: There aren’t enough people with skills in AI, machine learning, and data science.
- Install Apache JMeter on Ubuntu 20.04 LTS Focal Fossa
- Understanding Standard I/O on Linux
- MediaMarkt hit by Hive ransomware, initial $240 million ransom
- 2022 Application Performance Management Predictions - Part 6 | APMdigest - Application Performance Management
- 2022 Application Performance Management Predictions - Part 5 | APMdigest - Application Performance Management
- 2022 Application Performance Management Predictions - Part 4 | APMdigest - Application Performance Management
- 2022 Application Performance Management Predictions - Part 3 | APMdigest - Application Performance Management
- 2022 Application Performance Management Predictions - Part 2 | APMdigest - Application Performance Management
- 2022 Application Performance Management Predictions - Part 1 | APMdigest - Application Performance Management
- Troubleshooting: Group Policy (GPO) Not Being Applied to Clients | Windows OS Hub
- Putting DNSSEC signers to the test: Knot vs Bind | APNIC Blog
- Securing your network using Shadowserver reports | APNIC Blog
- Useful Tmux Configuration Examples - DEV Community
- Detection of Log4j Vulnerability | HackerTarget.com
- Velociraptor & Loki - /dev/random
- Portable Malware Analyzis Lab - /dev/random
- ICE9 Blog: Bluetooth Recon With BlueZ
- megi's PinePhone Development Log
- PinePhone Speed Up Takes Soldering | Hackaday
- Getting Started with Docker: Dry - interactive CLI for Docker containers - LinuxLinks
- The Quickest Way to Set Up HTTPS | Nerdvana [blogs.perl.org]
- Working with multiple WiFi interfaces on a Raspberry Pi | Jeff Geerling
- Announcing Wyrcan
- Hacking a USB battery bank to gather telemetry | Arduino Blog
- How to detect Log4Shell exposure and exploitation | CSO Online
- How to Create a Jenkins CI CD Pipeline
- How to Perform a VMware Backup & Best Practices
- Utilizing Terraform Output Variables in Infrastructure Configuration
- My Seven Highlights Of 2021
- Prevent Files And Folders From Accidental Deletion Or Modification In Linux - OSTechNix
- 8 new rules for winning the IT talent battle | The Enterprisers Project
- 1. Approach IT workforce development as a cross-functional undertaking with dedicated governance and leadership
2. Get better at tracking skills and roles
3. Invest in internal mobility above all else
4. Figure out how to hire ahead of demand
5. Take a multi-channel approach
6. Sustained investment bests opportunistic involvement
7. Location matters
8. Hyper-focus on measuring and improving productivity
- Using your OpenPGP key on Yubikey for ssh
- Hunting Bugs with Bisect
- Home Assistant for a Newbie – CubicleNate's Techpad
- Real Time Interactive IP LAN Monitoring with IPTraf Tool
- Block SSH Server Attacks (Brute Force Attacks) Using DenyHosts
- Virtual Machine Secure Boot Database Updates Made Easy with Oracle Linux
- 20 Years of Red Hat Product Security: From inception to customer experience (Part 1)
- In 2022, security will be Linux and open-source developers job number one | ZDNet
- Kubernetes infographic: usage of cloud native technology in 2021 | Ubuntu
- Speedtest with InfluxDB and Grafana on Kubernetes | Lisenet.com :: Linux | Security | Networking
- 17 free, open-source Bullet Journal apps to boost your productivity
- AMIDE: Open-source, free DICOM viewer for volumetric imaging
- 5 ways to automate security testing in DevSecOps
- 1. Code quality (SAST)
2. Web application scanning (DAST)
3. Container scanning/vulnerable dependency analysis
4. Software composition
5. Automated vulnerability scanning
- Pi-Hole the Easy Way – CubicleNate's Techpad
- Open-source software holds the key to solving Log4Shell-like problems - Help Net Security
- There are two ways to mitigate a vulnerability like this: by patching or updating Log4j in all systems and applications where it’s deployed, or by blocking malicious requests as they enter the network, often through a reverse proxy or load balancer.
- How to Monitor User Activity with psacct or acct Tools
- Hitting the Books: Amiga and the birth of 256-color gaming | Engadget
- GoTestWAF: Open-source project for evaluating web application security solutions - Help Net Security
- GoTestWAF
- Agile isn’t Transformative, it’s Doctrine – Unadulterated Nerdery
- Matt Blaze: Testing Phone-Sized Faraday Bags
- Digging deep for responsible aluminum - Fairphone
- Azure DevOps Governance 101 – How does Identity, Billing and Service Endpoints intertwine? – Karim Vaes
- Improving HammerDB Benchmark Test Results | Long White Virtual Cloudsu by
- PowerCLI: List Server Serial Numbers – nerdybynature
- VMSA-2021-0028 & Log4j: What You Need to Know - VMware Security Blog - VMware
- Investigating CVE-2021-44228 Log4Shell Vulnerability - VMware Security Blog - VMware
- Securing the Future: 7 Cybersecurity Predictions for 2022 - VMware Security Blog - VMware
- The Log4j Zero Day will motivate organizations to rapidly adopt a Zero Trust approach.
Supply chain attacks have just gotten started
Insider threats pose a new challenge for organizations as the job market continues to shift.
In 2022, accelerated delivery of the benefits of 5G infrastructure will highlight IoT security needs.
Linux-based operating systems will become a key target for cybercriminals.
Adversaries will move laterally and exfiltrate data from unsecure multi-cloud environments.
Copycat cyberattacks on critical industries will disrupt human lives.
- Protect your Kubernetes clusters against Log4shell - VMware Security Blog - VMware
- Digital transformation: How agile leaders and scrum masters can catalyze change | The Enterprisers Project
- They’re change agents: Agile coaches spend every waking moment figuring out how to help people make and sustain change. They read books about it and attend meetups and conferences that help them become better change agents.
Team members trust them: Agile leaders have the trust of the team – perhaps the most valuable commodity during a digital transformation. Through your work with them, you can directly influence the front-line people in the transformation.
They see things you cannot see: A strong agile leader provides insights from the real world. They can tell you which teams are struggling, why they’re struggling, and how to remove barriers and accelerate the change.
They believe they have something to offer: Leadership positions are taken, not given. Great agile leaders are waiting for the opportunity to influence the broader organization. Invite them into the conversation and they’ll be so eager, you may need to ask them to slow down (when’s the last time you had that problem?).
- Bare metal Kubernetes: The 6 things you wish you knew before 2022 | Ubuntu
- 1 – Kubernetes (K8s) will continue becoming the default API for infrastructure
2 – Bare metal provisioning will become a standard building block for multi node clusters at the edge
3 – Single node clusters for edge will be a thing
4 – Bare metal Kubernetes will be the default for all new 5G base stations
5 – AI/ML or VR/AR workloads will be delivered to the edge on bare metal Kubernetes
6 – Multi-tenancy at the edge will see more open source Virtual Machine (VM) based solutions
- How to use Ansible Dry Run
- Can you help with bulk storage firmware updates? – Technical Blog of Richard Hughes
- Deploy Mycroft AI voice assistant on Raspberry Pi using Ansible | Opensource.com
- Find failures with journalctl Using sort, uniq
- journalctl --no-pager --since today --grep 'fail|error|fatal' --output json | jq '._EXE' | sort | uniq -c | sort --numeric --reverse --key 1
- Writing and unit testing a Python application to query the RPM database | Enable Sysadmin
- Tesseract 5.0 Released For This Leading Open-Source OCR Engine - Phoronix
- Yubikey - PIV vs Security Key
- Monica is your own personal CRM solution
- Lennart Koopmann - Introducing nzyme: WiFi monitoring, intrusion detection and forensics
- Lennart Koopmann - Common WiFi attacks and how to detect them
- Lennart Koopmann - Regular expression (regex) performance: The fundamental guide
- FreeScout is an open-source helpdesk for teams
- How to achieve Rightsizing of VMs - ESX Virtualization
- New – Offline Tape Migration Using AWS Snowball Edge | AWS News Blog
- Amazon S3 Glacier is the Best Place to Archive Your Data – Introducing the S3 Glacier Instant Retrieval Storage Class | AWS News Blog
- Use Packer to install Windows 11 and enable vTPM and VBS - ivobeerens.nl
- DSCR for VMware 2.2 | Adventures in a Virtual World
- SAML explained | Electric Monk
- BIOS and UEFI | Electric Monk
- Updating Git Project Structure - EverythingShouldBeVirtual
- Manager or Leader - EverythingShouldBeVirtual
- Find VM NUMA locality with PowerShell - Gabes Virtual World
- New tool: Mess with DNS!
- New – Sustainability Pillar for AWS Well-Architected Framework | AWS News Blog
- How to Build a Hand Wired Split Ergonomic Keyboard with Per-Key RGB LEDs | dlford.io
- Automation strategy: 6 key elements | The Enterprisers Project
- 3 benefits of a step-by-step approach to automation strategy
Productive: You can generate and share results without waiting to reach some faraway “finish line.”
Flexible: You can review and revise priorities as conditions change.
Attainable: Your team can actually execute the strategy – a wildly underrated characteristic when setting even the most ambitious goals.
6 automation strategy essentials
1. Identify the starting point – and the criteria for ongoing priorities
2. Link automation with broader business goals
3. Create value for individuals, not just the organization
4. Acknowledge and address concerns about job impacts
5. Lay a foundation for measuring results
6. Equate automation with improvement
- Understanding the Offense’s Systemwide Advantage in Cyberspace - Lawfare
- Create your own animations with this open source motion graphics tool | Opensource.com
- What sysadmins want to know about OpenShift and Kubernetes | Enable Sysadmin
- Doc Searls Weblog · Rage in Peace
- Replicating Slow Latency on Linux -- Virtualization Review
- tc qdisc add dev ens192 root netem delay 200ms ## Set the delay
tc -s qdisc show dev ens192 # Show the settings
- DNS "propagation" is actually caches expiring
- Digital Staph: Secondary Infections in Cyberspace - VMware Security Blog - VMware
- DigitalStaph is an interesting thought process
- Log in the Shell: An Analysis of Log4Shell Exploitation - VMware Security Blog - VMware
- Performance enhancements in Red Hat Enterprise Linux 8.5
- IT security: 4 issues to watch in 2022 | The Enterprisers Project
- 1. Double back to the basics (again)
2. You can't prioritize everything
3. Supply chain issues, meet IT security
4. It's all about the data
- An elegant way to performance test microservices on Kubernetes | Red Hat Developer
- Opening of email attachment led to HSE cyber attack, report finds
- Inside Ireland’s Public Healthcare Ransomware Scare – Krebs on Security – Mac Pro Tricks
- Doc Searls Weblog · Remembering Kim Cameron
- 2021-12: Testing, Kubernetes Roundtable | KWLUG - Kitchener-Waterloo Linux User Group
- 2021-12: Testing, Kubernetes Tools (Lens, Minikube) | KWLUG - Kitchener-Waterloo Linux User Group
- SSH Key Rotation with the POSIX Shell - Sunset Nears for Elderly Keys | Linux Journal
- Get All Kind of System Information in Linux Terminal With inxi - It's FOSS
- What is Cloud Computing? | Basics of Cloud Computing - OSTechNix
- Acra: Open-source database protection with field-level encryption and intrusion detection - Help Net Security
- Kubernetes Features Explained In Detail - OSTechNix
- Why We Can't Teach Cybersecurity | Tux Machines
- .
- Cybersecurity for Idiots - Lawfare
- Secrecy Creep - Lawfare
- This reply—refusing to confirm or deny the existence or nonexistence of records—has been referred to ever since as the “Glomar” response.
- How to Install and Use Rdiff-backup in RHEL Systems
- The Smart Hospitals of tomorrow need smarter software
- By the year 2025, an ordinary person will interact at least 4,800 times a day with connected devices, and the volume of data in the world should reach 163 ZettaBytes by the year 2025, with the majority coming from IoT devices. To put that into clear, headache inducing English, a ZettaByte is a trillion gigabytes.
- App note: Energy storage capacitor technology comparison and selection – Dangerous Prototypes
- Veeam 321 backup rule becomes 3-2-1-1-0 Backup Rule - Check it out! - ESX Virtualization
- Veeam 321 backup rule becomes 3-2-1-1-0 Backup Rule – Check it out!
3 : Keep at least 3 copies of your data
2 : Store the backups on 2 different media
1 : Keep at least 1 copy at the remote site
1 : Store at least 1 of the copies offline
0 : ZERO Errors – you should only keep backups without errors
- Dell Windows drivers still vulnerable to kernel attacks | Born's Tech and Windows World
- Chris's Wiki :: blog/linux/GrowingLVMRoot
- The Rescue/Knife sharpener/The Wisdom Index | Cool Tools
- Before making a decision, ask yourself these two questions
“Will it help you do what you already want to do? Will it help you feel successful? The answers to those questions is freeing because if the change program doesn’t satisfy these two requirements, it’s not worth your time. ”
Form habits through emotion, not repetition
“In my own research, I found that habits can form very quickly, often in just a few days, as long as people have a strong positive emotion connected to the behavior… When I teach people about human behavior, I boil it down to three words to make the point crystal clear: emotions create habits. Not repetition. Not frequency. Not fairy dust. Emotions.”
- Bermudagrass Yearly Maintenance Program | Home & Garden Information Center
- GitHub - securitytrends/log4shell-validator: Visio goodness to help you quickly figure out if you're likely affected by #log4shell and if you need to upgrade to the latest version (spoiler alert - you should)
- GitHub - logpresso/CVE-2021-44228-Scanner: Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
- DBT Techniques to Help Your Kids at Home | Penniless Parenting
- Detect and block Log4j exploitation attempts with CrowdSec - The open-source & collaborative IPS
- Creating your first deployment on a Kubernetes Cluster
- Pensela: The Swiss Army Knife of Screen Annotation Tools
- How to use Ansible to install and configure Redis 6 on Debian 11
- Open source cloud native security analyzer Terrascan embeds security into native DevOps tooling - Help Net Security
- New Terrascan features
The ability to identify security risks in more IaC and container definition formats
Integration with all major container registries, including to identify vulnerabilities in container images referenced by IaC
More flexible developer workflows, including the programmatic enforcement of security policies before changes are committed into the code repository and before they are applied to the runtime environment
Improved ability to filter and prioritize findings according to user needs
Deeper integration with external dashboards and reporting frameworks
A new graphical user interface to simplify creation and testing of new policies
- Open source cloud native security analyzer Terrascan embeds security into native DevOps tooling - Help Net Security
- New Terrascan features
The ability to identify security risks in more IaC and container definition formats
Integration with all major container registries, including to identify vulnerabilities in container images referenced by IaC
More flexible developer workflows, including the programmatic enforcement of security policies before changes are committed into the code repository and before they are applied to the runtime environment
Improved ability to filter and prioritize findings according to user needs
Deeper integration with external dashboards and reporting frameworks
A new graphical user interface to simplify creation and testing of new policies
- Protect your PHP websites with CrowdSec - The open-source & collaborative IPS
- Participative IPS
- XMGoat: Open-source pentesting tool for Azure - Help Net Security
- Things I Found Out the Hard Way to Get the Most of the Nvidia Shield – Olivier Travers
- Living and Having a Business in Amsterdam – Starting A Business
- 4. Learn the Culture
The Dutch appreciate plain speaking above anything else, so avoid vague references while speaking.
Nonetheless, there is a much more equal corporate structure in the Netherlands. Employees and managers are often given an elevated level of independence to make decisions instead of having to operate in a strictly hierarchical structure.
- The value of a college degree
- The bottom line? FREOPP says there are three main messages to draw from their report.
First, major is the most important factor when predicting the return-on-investment for a college education. Degree subject accounts for half almost half of ROI variation alone.
Second, elite colleges can pay off, but not always. FREOPP found that there is a weak correlation between the cost of a school and how much a degree from that school is worth. But, as with majors, there's plenty of variation. A film degree from Harvard is likely to be worth less than an engineering degree from a “no name” university.
Finally, there are a lot of bachelor's degrees that don't make sense from a financial perspective. You might want an art degree or a religion degree for other reasons, and you might be fulfilled with those degrees, but they're poor choices when viewed through the lens of money.
- How to Install ModSecurity for Nginx on Debian/Ubuntu
- Server Performance Monitoring | Guide to Best Practices
- Top SAST Tools 2021 | Static Application Security Testing
- WhiteSource Software
Perforce
CyberRes
SonarQube
Spectral
- Algorithms that detect cancer can be fooled by hacked images - The Verge
- Exploiting Log4j: 40% of Corporate Networks Targeted So Far
- PowerShell Get-Content a PowerShell Tail Equivalent
- Texas Apple store closes due to COVID-19 outbreak | Engadget
- Learning from history: How this all happened
- 6 Common Questions About Cybersecurity Exercises | ServerWatch
- Before conducting cybersecurity exercises, your company should understand why such training is needed and how regularly it should be performed, as well as establishing standard incident response processes.
When ordering cybersecurity exercises from a third party, your organization needs to convey complete information about your infrastructure to the service provider. Knowing all critical points, possible security vulnerabilities, and anticipated attack scenarios will help improve the quality of upcoming exercises.
It is important to carefully consider your choice of a platform for conducting cybersecurity exercises. You must choose a service provider you can trust, understanding that this partner will adequately assess the results and formulate competent recommendations.
Try to soberly assess your strengths and opportunities in terms of time and money. Start slowly, choosing a narrow area for improvement and then moving in clear and concrete steps.
Learn from the experience of other industries, such as those of software development and testing. Many of your methodological may have been worked out by others.
Do not forget that there is no “bad” way to develop cybersecurity skills — use all the methods available to you.
- Hacking Unifi Controller Passwords for Fun and WIFI - Black Hills Information Security
- QSC21, VMDR Training and Exam | Alexander V. Leonov
- training
- Vulristics Command Line Interface, improved Product & Vuln. Type Detections and Microsoft Patch Tuesday November 2021 | Alexander V. Leonov
- 3 401(k) Moves to Make ASAP in 2022 | The Motley Fool
- Vanguard data, however, shows the median 401(k) match is 4% of a worker's salary.
- Ransomware attackers down shift to 'Mid-Game' hunting in Q3
- Terence Luk: Configuring Security Headers to secure Microsoft Active Directory Federation Services / AD FS for scoring an A on SecurityHeaders.com
- he following are the configuration for headers that I’ve used in the past to score an A (these are executed on the internal AD FS server and not on the WAP):
Set-AdfsResponseHeaders -SetHeaderName "Content-Security-Policy" -SetHeaderValue "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' "
Set-AdfsResponseHeaders -SetHeaderName "Strict-Transport-Security" -SetHeaderValue " max-age=157680000; includeSubDomains"
Set-AdfsResponseHeaders -SetHeaderName "X-XSS-Protection" -SetHeaderValue "1;mode=block"
Set-AdfsResponseHeaders -SetHeaderName "X-Content-Type-Options" -SetHeaderValue "nosniff"
Set-AdfsResponseHeaders -SetHeaderName "Referrer-Policy" -SetHeaderValue "no-referrer"
Set-AdfsResponseHeaders -SetHeaderName "Permissions-Policy" -SetHeaderValue "geolocation=(),microphone=(),fullscreen=(self), vibrate=(self)"
Note that X-Frame-Options is already set to DENY by the AD FS server so there is no need to configure it. Use the following cmdlet to review the settings:
Get-AdfsResponseHeaders | Select-Object -ExpandProperty ResponseHeaders
- Greek Spinach Rice Pilaf Recipe - Gluten Free, Vegan Option, Allergy Friendly | Penniless Parenting
- Greek Spinach Rice Pilaf Recipe - Gluten Free, Vegan Option, Allergy Friendly
Ingredients:
1/2 cup oil
2 large onions
3 cups packed greens, either spinach or swiss chard or sea beet (or honestly any other non bitter green would work)
1 1/2 tablesppons dry dill
1 tsp garlic powder
3 cups rice
6 cups water/broth
1 teaspoon salt or to taste
2-4 tablespoons lemon juice, or to taste
Instructions:
1. Saute onions in oil until soft.
2. Chop your greens very finely. Add them to the onions.
3. Cook greens until fully wilted.
4. Add the rest of the ingredients other than lemon juice and bring to a boil.
5. Cover and simmer on low for 20 minutes.
6. Mix and add lemon juice to taste.
- Greek Spinach Rice Pilaf Recipe - Gluten Free, Vegan Option, Allergy Friendly | Penniless Parenting
- Greek Spinach Rice Pilaf Recipe - Gluten Free, Vegan Option, Allergy Friendly
Ingredients:
1/2 cup oil
2 large onions
3 cups packed greens, either spinach or swiss chard or sea beet (or honestly any other non bitter green would work)
1 1/2 tablesppons dry dill
1 tsp garlic powder
3 cups rice
6 cups water/broth
1 teaspoon salt or to taste
2-4 tablespoons lemon juice, or to taste
Instructions:
1. Saute onions in oil until soft.
2. Chop your greens very finely. Add them to the onions.
3. Cook greens until fully wilted.
4. Add the rest of the ingredients other than lemon juice and bring to a boil.
5. Cover and simmer on low for 20 minutes.
6. Mix and add lemon juice to taste.
- Amazon explains outage that took out a large chunk of the internet | Engadget
- Logging library for millions of apps has a serious vulnerability | Engadget
- Log4Shell
- How to Check Supported TLS and SSL Ciphers (version) on Linux | 2DayGeek
- openssl ciphers -v | awk '{print $2}' | sort | uniq
openssl ciphers -v | column -t
openssl s_client -connect www.2daygeek.com:443 -tls1_2
- Jack Dorsey Got Bored of Twitter Too - The Atlantic
- Hitting the Books: How the interplay of science and technology brought about iPhones | Engadget
- https://o.aolcdn.com/images/dims?image_uri=https%3A%2F%2Fs.yimg.com%2Fos%2Fcreatr-uploaded-images%2F2021-12%2F8d6f0e00-545d-11ec-badf-af068933054f&thumbnail=675%2C&client=49kdj93ncb8s938hkdo&signature=41f5e43322115eab5655cc0773c4d08d288e43af
- USBefuddled: Untangling the Rat’s Nest of USB-C Standards and Cables - TidBITS
- Deploy LXD container with terraform | panticz.de
- Countering the Ransomware Threat: A Whole-of-Government Effort - Lawfare
- Amazon will make its security awareness training freely available to the public.
- Hitting the Books: How Amazon laundered the 'myth of the founder' into a business empire | Engadget
- 3 Types of Rice to Use for Risotto (and Which to Skip) | Kitchn
- Java to Python: A Paradigm Shift in Automated Testing with Selenium - TechVariable
- Top 5 Python Frameworks for Test Automation in 2021
- 5 Best OpenSSH Server Best Security Practices
- 1. DenyHosts
2. Fail2Ban
3. Disable Root Login
4. Display SSH Banner
5. SSH Passwordless Login
- Managing the Cybersecurity Vulnerabilities of Artificial Intelligence - Lawfare
- The Cyberlaw Podcast: Cyber Incident Reporting Bill: Good News for K Street - Lawfare
- Five useful tools for Social Media Intelligence | Andrea Fortuna
- Social Mapper
Social Analyzer
Sherlock
Maigret
SocialRecon
- No future for booting ESXi from USB in VMware home labs, using max endurance microSD for ESXi 7.0U3 now, SATA/SATADOM or M.2 later | TinkerTry IT @ Home
- Active Directory Certificate Services Discussion and Install Guide - The Tech Journal
- vCSA Update - Backup and Restore Tips and Tricks - The Tech Journal
- The SANMAN: The Evolution & Emergence of the Hybrid Cloud
- The SANMAN: Answering a CIO's concerns around SDDC
- Technical notes, my online memory: kubectl Kubernetes Cheat Sheet
- Sysadmin Stories: Deploy VCSA Appliance with Terraform
- How to move or restore a Windows 11 VM in Hyper-V with TPM enabled (Shielded VMs)
- 6 steps to pimp my terminal
- Make PowerShell with k8s great again
- Improved, Automated Vulnerability Management for Cloud Workloads with a New Amazon Inspector | AWS News Blog
- Improved, Automated Vulnerability Management for Cloud Workloads with a New Amazon Inspector | AWS News Blog
- AWS Cloud Adoption Framework (CAF) 3.0 is Now Available | AWS News Blog
- New – Amazon EC2 R6i Memory-Optimized Instances Powered by the Latest Generation Intel Xeon Scalable Processors | AWS News Blog
- Identify the boot device for a VMware ESXi host - ivobeerens.nl
- Terraform and vSphere – Part 1 | Adventures in a Virtual World
- The long, complicated history of lines at Disney theme parks
- DIY: Light board, part 3 - proof of the pudding - robbeekmans.net
- DIY: Light board, Part2 - Setup - robbeekmans.net
- DIY: Light board - robbeekmans.net
- Combined Pi-Hole Statistics in Home Assistant · vNinja.net
- Public Policy: Strategies for Civilizing American Cyberspace | VMware Security Blog | VMware
- Empowering Customers with Simpler and Faster Security | VMware Security Blog | VMware
- 1. The Security Risk Picture Is Out of Focus – Rather than focusing directly on a risk scenario and its impact, organizations should zoom out and think in terms of a spectrum of possible impacts.
2. Legacy Security Practices Are Slowing Things Down – All security practices should be open to challenge and, if appropriate, be thrown aside. To scale and remain agile, organizations must constantly challenge the “how” of cybersecurity, as well as the “why.”
3. Security Is Not a Solo Sport – No single group or organization can stem the tide of security threats. Put simply, we’re all in this together.
- CISO Empowerment | VMware Security Blog | VMware
- Here is a ten-step strategy to bolster and strengthen your position as CISO:
1. Learn the business of your organization and translate cyber risk to business risk.
2. Befriend your General Counsel and explain how cybersecurity is a “duty of loyalty”. Explain why worst case scenario has changed to the digital transformation that will be hijacked and used to attack our customers and partners.
3. Consolidate your security tools and ensure they are integrated.
4. Decrease dwell time and raise Board awareness by conducting weekly threat hunts.
5. Join the Advisory Board of your top two security vendors and influence their designs.
6. Write monthly concise reports for your Board which include imagery.
7. Bring in external cyberthreat experts to brief your Board on industry specific cyber-attack campaigns on a quarterly basis.
8. Participate in your regional cyber fraud taskforce.
9. If you don’t have the personnel or capacity to manifest your security vision, hire an MDR firm who specializes in your industry.
10. Speak at the major cybersecurity conferences and develop your personal brand.
- DevSecOps: The Competitive Advantage of a Unified Team | VMware Security Blog | VMware
- Only one in five developers strongly agree that they understand which security policies they are expected to comply with, while alarmingly, more than half of the developers surveyed are not involved at all in security policy decisions, despite many of these greatly impacting their roles.
Organizations where security and development teams have a positive relationship can speed up the software development lifecycle by five days per release compared to those without – demonstrating how speed to market and competitive advantage are at stake here.
- Moving Left of the Ransomware Boom | VMware Security Blog | VMware
- How to Install and Use acme.sh script to get free SSL Certificates on Linux – VITUX
- acme.sh
- vCloudNotes : Let's Learn Together: Domain Trust Relationship issue on a recently migrated server
- ipconfig /registerdns
- AWS Certified DevOps Engineer Professional Study Guide – vcdx133.com
- Best Open Source Security Tools | eSecurityPlanet
- WhiteSource
Revenera
Synopsys
- oracle/linux-blog-sample-code at linux-cheat-sheet
- How to take a backup of an Elasticsearch cluster
- ClamAV 0.104.1 Free Antivirus Package Updating - LinuxStoney
- 15 Basic 'ps' Command To Monitor Linux Process With Examples | LinuxTeck
- 5 Ways to Remove Background in Image Using GIMP
- Upgrading Homelab Kubernetes Cluster from 1.21 to 1.22 | Lisenet.com :: Linux | Security | Networking
- What Are Uchi and Soto and Why Are They So Important for Understanding Japanese?
- Dependency Combobulator: Open source toolkit to combat dependency confusion attacks - Help Net Security
- Combobulator
- screenFetch - An Ultimate System Information Generator for Linux
- Install TaskBoard with Apache and let's Encrypt SSL on Debian 11
- Wazuh Blocking attacks with Active Response - Unixcop the Unix / Linux the admins deams
- Introduction to Kubernetes | What is Kubernetes - OSTechNix
- 8 Things You’ll Notice When You Start Living Below Your Means – BeingFrugal.net
- 1. Sacrifice Isn’t as Painful as You Thought
2. You Didn’t Need That Item
3. Less Stress
4. More Security
5. A Healthier Bank Balance
6. Improved Opportunities
7. You’ll Become Savvier
8. Increased Self-Worth
- Essential System Tools: Czkawka - data cleaner - LinuxLinks
- Czkawka
- ThreatMapper: Open source platform for scanning runtime environments - Help Net Security
- Securing your Kubernetes cluster with Kubewarden - Octopus Deploy
- Securing Your Kubernetes Cluster with Kubewarden | Linux Today
- Pi-Hole Update Troubles – CubicleNate's Techpad
- Raspberry Pi Unveils 'Code Club World': A Way for Kids to Learn Code at Home - FOSS Force
- [Howto] Installing Cilium with Minikube on Fedora – /home/liquidat
- Configuring TACACS+ Server With A Simple GUI | Linux Journal
- TACACS+
- The Get Rich Slowly file vault
- The Best HSA Plans: Fidelity and Lively — My Money Blog
- Digital Minimalism Book Review: Parallels With Time and Money Management — My Money Blog
- Researchers identify 'cybermercenary' group behind dozens of hacks | Engadget
- Something Awful founder Richard Kyanka dies at 45 | Engadget
- US joins international cybersecurity partnership | Engadget
- Cyberattacks Disable IT Networks at 2 Indiana Hospitals
- From Oracle Standard Auditing to Oracle Unified Auditing - Blog dbi services
- DistroWatch.com: Put the fun back into computing. Use Linux, BSD.
- 3 focus areas for DevSecOps success
- Impact of the team
Incorporating a new security-focused mindset with tools
Measuring the progress
- IT careers: 5 ways to get out of a rut | The Enterprisers Project
- 1. Set new personal goals
2. Expand your network
3. Don't limit yourself to a specific career path
4. Always look to solve problems
5. Acquire new skills
- IaaS vs PaaS vs SaaS
- Shared responsibility in the cloud - Microsoft Azure | Microsoft Docs
- What is EFS (Elastic File System) in AWS and how to use it
- 3 phases to start a DevSecOps transformation | Opensource.com
- Phase 1: analysis, education, and training
Phase 2: integrate security into your DevOps lifecycle
Phase 3: introduce automation into your DevOps lifecycle
- Using terraform to launch Digitaocean kubernetes cluster – Part 1
- Instantly test your cables by plugging them into this device | Arduino Blog
- Hello IPv6: a minimal tutorial for IPv4 users
- Book Review: API Security In Action – Adventures in the programming jungle
- The Future of Connected Cloud Architecture
- Top 10 security concerns for cloud-based services
- 1. Data Breaches
2. Hijacking of Accounts
3. Insider Threat
4. Malware Injection
5. Abuse of Cloud Services
6. Insecure APIs
7. Denial of Service Attacks
8. Insufficient Due Diligence
9. Shared Vulnerabilities
10. Data Loss
- NIST Guidance Focuses on Creating 'Cyber Resiliency'
- Case Study: Team Approach for Medical Device Cybersecurity
- Startup Security Guide: Minimum Viable Security Checklist for a Cloud-Based Web Application
- Apple Deprecates the Insecure TLS 1.0 and 1.1 Protocols in iOS 15, macOS 12
- 8 Free and Open Source Patch Management Tools Your Company Needs
- Former Army Contractor Received a 151-Month Sentence for Fraud Scheme
- Google's New Spyware in Chrome 94 - FOSS Force
- In PuTTY, Scripted Passwords are Exposed Passwords | Linux Journal
- A major telecom company that partners with AT&T and Verizon said hackers had access to its system for over 5 years, exposing billions of texts
- Best 15 Dark Web Websites You Shouldn’t Miss
- Facilitating the Secure Exchange of Health Data
- FTC: Health App, Device Makers Must Report Breaches
- Are You A Hacker, Developer or Engineer? (And Why it Matters)
- A hacker can come up with solutions, but maybe they can’t look back after they’ve finished and realize how they came up with the solution. They just kinda poke at things until they get something that works.
…
At some point, you level up and become a developer and a developer understands best practices. They’ve heard other developers say things like “you should put your scripts at the bottom of the webpage” … and you use those best practices to craft solutions but you don’t really understand beneath the best practices, beneath the abstractions.
…
An engineer is someone who can get things done, craft a solution – they understand the best practices, but they also understand why they’re using the best practices that they are … [they] move into an understanding of the platform as a whole.
Can companies follow the same journey?
- Startups: Get More Customers From Your Website by Understanding the Funnel
- Turn Your Nervous Speech Habit into An Awesome Presentation Tactic
- Healthcare Exchange Standards: InScope podcast: #FHIR security
- Healthcare Exchange Standards: Tutorial Links
- Healthcare Exchange Standards: Healthcare use of Identity level of assurance
- Ransomware, Vendor Breaches Spike on Federal Tally
- Lawsuits: Negligence Led to UC San Diego Health Incident
- "It may further take longer to determine whether, to what extent, and whose patient information was or may have been compromised," she notes. "Covered entities need to remain very conscious of any timing requirements during the course of what can be often protracted forensic analysis and investigation, and ensure their legal counsel remains involved in the process as well." "Analysis of large organization data breaches invariably exposes institutional failures that proper oversight would have identified and prevented," he notes. "It is high time all healthcare CEOs and boards learn it. Rampant medical identity theft threatens each patient’s safety and financial well-being," he says.
- Thank you, SonarSource - openSUSE admin - openSUSE Project Management Tool
- ClamAV Antivirus for Linux Tutorial | HackerTarget.com
- PHP End of Life (a reminder)
- The New Security Basics: 10 Most Common Defensive Actions
- The BSIMM report aims to allow companies to make data-driven decisions on how to improve their software security efforts over time. The 10 most common activities — and the share of organizations participating in those activities — are:
Implement lifecycle instrumentation and use to define governance (92%)
Ensure host and network security basics are in place (91%)
Identify PII obligations (89%)
Perform security feature review (88%)
Use external penetration testers to find problems (87%)
Create or interface with incident response (84%)
Integrate and deliver security features (80%)
Use automated tools (80%)
Ensure QA performs edge/boundary value condition testing (78%)
Translate compliance constraints to requirements (77%)
- 5 Ways to Become a Better Cyber-Threat Exterminator
- Establish a Formal Intelligence Program
Structure Data into Entities and Events
Prioritize Alerts
Improve Incident Response and Vulnerability Management
Use Predictive Models
- GitHub - vletoux/pingcastle: PingCastle - Get Active Directory Security at 80% in 20% of the time
- How to Implement a Security Champions Program
- What Are the Different Types of Cyber Insurance?
- Cyber insurance policies include different types of coverages that span first-party loss, first-party expenses, and third-party liability, each with specific parameters — sublimits, retention, and others. First-party loss typically includes loss of revenue due to business interruption, while first-party expenses would include the many services and resources needed to recover from an attack, such as forensic or system-rebuilding services. Third-party liability may cover expenses and legal fees related to the potential damage caused by the incident to third parties, such as partners, customers, or even employees whose sensitive information has been compromised.
- Blog, Reproducing vulnerabilities in test reports - DigiNinja
- Blog, ModSecurity and DVWA lab
- Introducing USB Detective - Digital Forensics Stream
- Wireless Pentesting Part 4 – Performing an Actual Wireless Pentest - The Ethical Hacker Network
- Errata Security: CISSP is at most equivalent to a 2-year associates degree
- The right to repair – Exotic Security
- The best long haul flight tip I've got, bring an empty bottle – Exotic Security
- Waterbottle
- Recovering data from a hard drive after wiping the partition table – Exotic Security
- Securing Apache with Client Certificates – Exotic Security
- AviD's Rule of Usability – Exotic Security
- AviD's Rule of Usability:
"Security at the expense of usability, comes at the expense of security."
- Is antivirus dead yet? – Exotic Security
- Automated Kubernetes Deployment with Ansible – Virtual Elephant
- Build a Cyber Security Lab with DetectionLab | HackerTarget.com
- osquery Linux Tutorial and Tips | HackerTarget.com
- NSA Urges SysAdmins to Replace Obsolete TLS Protocols | Threatpost
- TLS in 2021 | JDPFu.com 2021
- NSA strongly discourages use of TLS 1.2
- BloodHound – Hacking Active Directory Trust Relationships - blackMORE Ops
- A Death Due to Ransomware - Schneier on Security
- The Wall Street Journal is reporting on a baby’s death at an Alabama hospital in 2019, which they argue was a direct result of the ransomware attack the hospital was undergoing.
Amid the hack, fewer eyes were on the heart monitors — normally tracked on a large screen at the nurses’ station, in addition to inside the delivery room. Attending obstetrician Katelyn Parnell texted the nurse manager that she would have delivered the baby by caesarean section had she seen the monitor readout. “I need u to help me understand why I was not notified.” In another text, Dr. Parnell wrote: “This was preventable.”
[The mother] Ms. Kidd has sued Springhill [Medical Center], alleging information about the baby’s condition never made it to Dr. Parnell because the hack wiped away the extra layer of scrutiny the heart rate monitor would have received at the nurses’ station. If proven in court, the case will mark the first confirmed death from a ransomware attack.
What will be interesting to see is whether the courts rule that the hospital was negligent in its security, contributing to the success of the ransomware and by extension the death of the infant.
Springhill declined to name the hackers, but Allan Liska, a senior intelligence analyst at Recorded Future, said it was likely the Russianbased Ryuk gang, which was singling out hospitals at the time.
They’re certainly never going to be held accountable.
- iTWire - Ransomware contractor paints a different picture of the genre
- The Cyber Monoculture Risk - Lawfare
- Why there will be new software winners in ten years time, and how the giants will fall - Maddyness UK
- 111+ Mind-boggling Linux Statistics and Facts for 2021 - Linux Rocks!
- That grumpy BSD guy: What every IT person needs to know about OpenBSD
- If you only have a few minutes to spare, the highlights are:
OpenBSD has been around for more than 25 years (started October 1995)
OpenBSD is proactively secure with only 2 remote holes in default install in all those years
OpenBSD pioneered use of strong cryptography, the first free system to ship with IPSec (entangling itself in US export regulations in the process)
OpenBSD pioneered and is still leading in code audit, fixing similar bugs tree-wide when found
OpenBSD has all security enhancements enabled by default and are hard going on impossible to disable
OpenBSD is open source, free software and the project actively encourages independent verification of code quality and security.
Today OpenBSD is in use in many network-centric roles, even though it is a general purpose operating system albeit with a particular emphasis on security.
OpenBSD has a high profile quality image based on actual code quality and proven performance in real world use
OpenBSD is upstream (origin) for several widely used pieces of software such as OpenSSH, OpenBGPD, PF, OpenSMTPd, LibreSSL, iked, mandoc and a number of others. For a complete list, please see the OpenBSD Innovations page on the OpenBSD website.
OpenBSD has been ‘growing up in public’ with code generally accessible via anonymous CVS (the first of its kind) since 1995 – transparent process, development discussions on public tech@ mailing list
Developers would do well to study high quality (mainly) C source and how the project runs a 6 month release cycle like clockwork (with only a few notable exceptions).
- What's up with Sandboxing? | Jolla Blog
- Use Vagrant to test your scripts on different operating systems | Opensource.com
- Chip Shortages Aren’t Sweet for Networking | The Networking Nerd
- Oracle 21c XE Database and Docker setup « Oralytics
- 28 Days Later – Managing the Challenges Posed by Long-Term Retention Backups | Data Protection Hub
- There are in fact seven distinct challenges that the use of long-term retention backups introduce:
Cost
Future recoverability
Testing
Platforms and media management
Organisational change
People and processes
Legal and auditing
- How do you solve protective dissonance?
- So let’s get back to protective dissonance. You can either just accept it as something that there’s a disconnect between the bulk of the work you do/what the company values, or you can take action by:
Being lazy – automating everything you can,
Evolving the tools you use – handling scale, and
Moving towards autonomous behaviour.
- Connecting your Dell EMC systems to SRS, the easy way! - FastStorage
- Proxmox vs ESXi | Choosing the Best Hypervisor | ServerWatch
- How to Create Linux OS Templates with KVM on Ubuntu 20.04 – VITUX
- CISA's Cloud Security Technical Reference Architecture: Where it succeeds and where it falls short | CSO Online
- Seven strategies for building a great security team | CSO Online
- Accelerate career advancement
Create a supporting cast
Create teams that better reflect the overall population
Hire for, and cultivate, nontechnical skills
Build strong, resilient team players
Show your team the mission
Let your team members know what’s in it for them
- 10 top API security testing tools | CSO Online
- APIsec
AppKnox
Data Theorem API Secure
Postman
Smartbear ReadyAPI
Synopsis API Scanner
Astra
crAPI
Apache JMeter
Taurus
- Software cybersecurity labels face practical, cost challenges | CSO Online
- The new math of cybersecurity value | CSO Online
- 5 observations about XDR | CSO Online
- 1. No one owns the definition of XDR.
2. XDR solutions will win or lose based on advanced analytics.
3. XDR is all about turnkey automated response.
4. The MITRE ATT&CK framework is the lingua franca of XDR.
5. “Openness” is critical.
- A Cheap And Easy Picroft
- 4 lessons from recent Microsoft Azure cloud vulnerabilities | CSO Online
- Developers and admins should always:
Review which of the cloud services you use have external IP access.
Evaluate the risks involved in external access and determine if there are other ways to protect that access.
Set up for notifications from your cloud vendors to keep apprised of security issues.
Stay aware of the security chatter and news regarding the development platform you use. In the case of Microsoft Azure, you can use the Microsoft Security Response Center landing page and filter on the product family of Azure for the tools you use. Cloud vendors will often fix the issue on their end and alert you if you need to install patches.
- Three Essential Security Technologies to Combat Ransomware | CSO Online
- 1) Transition VPN to ZTNA
2) Bring Enterprise-grade security and networking to employees’ homes
3) Add Endpoint Detection and Response
Making a Dent in Ransomware Through Education and Training
- 6 steps for third-party cyber risk management | CSO Online
- Here are the six key steps involved in creating a comprehensive TPCRM framework:
Identify vendors
Determine risk potential
Have vendors complete risk questionnaires
Develop a security scorecard
Address risks in order of priority
Monitor, optimize, strengthen, and streamline
- How to Create a Cold Storage Crypto Wallet with a USB Memory Stick | Hacker Noon
- Scanning Ansible code with Ansible Lint - Blog dbi services
- Understanding AWK - Earthly Blog
- How To Convert Text To Speech Using eSpeak NG In Linux - OSTechNix
- Toshiba Canvio Advance external hard disk and Debian Linux. – BaronHK's Rants
- (because tests need to be reproducible in order to determine if there’s a problem, how bad it is, and whether you’ve made progress in fixing it)
- How To Install Django on Debian 11 - idroot
- How I monitor my web server with the ELK Stack | Enable Sysadmin
- How I use Ansible and anacron for automation | Opensource.com
- Linux Achieves 5.1M IOPS Per-Core With AMD Zen 3 + Intel Optane - Phoronix
- Personal Management System: A personal CRM and daily routine for busy minds
- House passes legislation to strengthen federal cybersecurity workforce | TheHill
- Security experts weigh in on Microsoft Azure security holes
- How to analyze Linux system boot time with Systemd - Linux Shout
- 7 tips for better CISO-CFO relationships | CSO Online
- How Jefferson Health enhanced cybersecurity via its cloud transformation | CSO Online
- Using RADIUS For WLAN Authentication, Part II - Wi-FiPlanet.com
- Using RADIUS For WLAN Authentication - Wi-FiPlanet.com
- Oracle to PostgreSQL? 6 Reasons to Make Your Open Source Migration - insideBIGDATA
- 1) Starting is easy
2) The open source licensing and community are *exceptionally* open
3) It’s true open source
4) It’s similar to Oracle in the ways that you want it to be
5) It’s extensible
6) The power of PostGIS
- The CIS Benchmarks Community Consensus Process | CSO Online
- Linux Fu: Monitor Disks | Hackaday
- Using Ansible with REST APIs | Opensource.com
- MS-DEFCON 4: The printing issues continue @ AskWoody
- Savings Rate vs. Income Bracket: How Impressive Is Your Savings Rate? — My Money Blog
- How to Use the PowerShell Exit Command and Friends
- 25 years of Sysinternals | Born's Tech and Windows World
- How to Make Your Next Cybersecurity Compliance Audit a Breeze | CSO Online
- Cloud Sniper - Black Hat USA 2021 | Arsenal Schedule
- SimpleRisk - Black Hat USA 2021 | Arsenal Schedule
- The Speed of Time
- The Cost Of Moving Atoms In Space; Unpacking The Dubious Claims Of A $10 Quintillion Space Asteroid | Hackaday
- Linux Fu: VPN For Free With SSH | Hackaday
- USB Webcams Out Of Stock? Make One With A Raspberry Pi And HQ Camera Module | Hackaday
- This Automated Wire Prep Machine Cuts And Strips The Wire | Hackaday
- North American Field Guide To Rail Cars | Hackaday
- Learn Compilers Online From Cornell | Hackaday
- Minimal safe Bash script template - Better Dev
- Hitting the Books: How Bitcoin is somehow worth more than the paper it's printed on | Engadget
- HEPA Room Air Filter by jshanna - Thingiverse
- USB-C Charging On Your ThinkPad, One Step At A Time | Hackaday
- What Makes A Good Antenna? | Hackaday
- A USB-PD Laptop Conversion In Extreme Detail. | Hackaday
- How To Bake Brownies With A Perfect Glossy Skin | Hackaday
- FreeTouchDeck Upgrades Its Hardware And Its Name: ESP32 Touchdown | Hackaday
- FreeTouchDeck
- Mastering The Tricky Job Of Soldering SMA Connectors | Hackaday
- A Brief History Of Viruses | Hackaday
- What Can A $30 USB Spectrum Analyser Do For Me? | Hackaday
- RIP Lou Ottens, Developer Of The Compact Cassette And More | Hackaday
- Scratch-Built Rolling Tool Cabinet Is A Metalworking Skill-Builder | Hackaday
- New Research report “Connected Medical Device Security” shows health networks still exposed to significant risk of attack and disruption - Forescout
- How CMMC Measures Up to Other Compliance Frameworks | ActZero
- What NOT to Do in Your First 90 Days as a CISO - Security Boulevard
- Learn as much as possible about your predecessor’s mistakes.
Come up with a massive strategic InfoSec restructuring plan.
Ask to triple the budget.
Pick an infosec framework that is drastically different from the one already in place.
Bring a Big 4 consultant to conduct a large audit against that framework.
Based on the audit results, define a 3-year InfoSec roadmap that involves new hires and tool purchases, but does not set clear milestones (3 years is about as long as it takes before your next CISO swapping cycle)
Announce plans to replace a couple of major infosec tools, heavily integrated throughout the environment, on the grounds of not meeting expectations.
Purchase new tools that do exactly the same, but cost 50% more (plus 6 months of implementation services)
Hire a couple of symbiotic employees who follow you everywhere (with proper titles & compensation)
Make friends with key executives; blame recently departed execs/managers for all problems.
Start slowly looking for your next career opportunity.
- Recent Threats Highlight the Importance of Cybersecurity in Healthcare - Forescout
- Protecting the healthcare industry from cyber threats - Security Boulevard
- Introducing KubeLinter - an open source linter for Kubernetes - Security Boulevard
- DICOM file security: How malware can hide behind HIPAA-protected images | Votiro
- 5 Reasons Why Web Security Is Important to Avoid Ransomware | Acunetix
- Reason 1. Ransomware Is a Result of Attack Escalation
Reason 2. Web Attacks Are Used to Spread Ransomware
Reason 3. Move to Cloud Means that More Criminals Aim for the Cloud
Reason 4. Organizations Do Not Report Attack Details
Reason 5. Media Focuses on the Problem, Not the Solution
- What Is the R.U.D.Y. Attack - Security Boulevard
- Obfuscation - Lessons from Teaching Cybersecurity: Week 5
- Why Cyber Risk and Compliance Needs to Be the Foundation for Healthcare Digital Transformation Initiatives - Security Boulevard
- 5 Lessons Learnt from BJJ that Are Applicable to Cybersecurity
- 1. Close the distance
2. Keep your friends close, but your elbows closer
3. Size doesn’t matter
4. When you know how to defend, you know how to attack
5. Everything in life changes, but jiu-jitsu stays the same
- ENISA Threat Landscape 2020 - List of top 15 threats — ENISA
- Keep Your Site Safe with the OWASP Top 10 List - Hashed Out by The SSL Store™
- 5 key benefits of using an IP scanner - ManageEngine Blog
- 1. Enabling holistic scanning and data consistency of IP allocations
2. Deriving a complete picture of your IP resource usage with an IP scanning software
3. Increasing network performance by optimizing IP space fragmentation and utilization
4. Managing dynamic networks by monitoring IP status changes
5. Staying ahead of IP resource exhaustion and capacity planning
- Operationalize the NIST Cybersecurity Framework Without Pulling All Your Hair Out - Security Boulevard
- Picking the right tool - lessons from teaching cybersecurity week 6
- Roles and responsibilities that lead to better software security initiatives | Synopsys
- How To Prepare for a CMMC Audit - Security Boulevard
- Top 10 risks to include in an information security risk assessment
- Social engineering
Disclosure of passwords
Unauthorised access to the network
Maintenance error
Electrical outage
Infrastructural damage
Malfunctioning equipment
Destruction of records
Theft
Weather events
- Three Ways Tracking NIST 800 53 in Spreadsheets is Wasting Your Cybersecurity Team's Time - Security Boulevard
- 1) Incongruencies and Version Control
2) Aggregation and Analyzing Results
3) Presenting and Reporting to Leadership
- HTTP/3: Ready to Land - Security Boulevard
- Software Composition Analysis Explained - Security Boulevard
- Recommended Controls for Maintaining HIPAA Security Compliance - Security Boulevard
- A Holistic Approach to Kubernetes Security and Compliance
- Kubernetes Security Best Practices - Security Boulevard
- Ghidra 101: How to Use the Cursor Text Highlighting Feature
- 4 Things a Good Vulnerability Management Policy Should Include
- An Overview of what the policy is intended to do.
The Scope of the policy.
Roles and Responsibilities under the organization.
Vulnerability Remediation/Risk Mitigation.
- What You Need To Know About Application Security Testing Orchestration - Security Boulevard
- Security and privacy laws, regulations, and compliance: The complete guide | CSO Online
- The 5 Ws for Building a Strong Cybersecurity Plan | CSO Online
- 12 database security landmines, failures, and mistakes that doom your data | CSO Online
- 1. Inadequate access management
2. Easy physical access
3. Unprotected backups
4. Unencrypted data at rest
5. Not using privacy protecting algorithms
6. Lack of proliferation controls
7. Lack of database controls
8. Vulnerable secondary databases
9. Vulnerable applications with access to data
10. Risky internet exposure
11. Lack of integrity management
12. Retaining unneeded data
- 8 top cloud security certifications | CSO Online
- 1. Certificate of Cloud Security Knowledge (CCSK)
2. CompTIA Cloud+
3. GIAC Cloud Security Automation (GCSA)
4. Certified Cloud Security Professional (CCSP)
5. Azure Security Engineer Associate
6. AWS Certified Security — Specialty
7. Professional Cloud Security Engineer
8. Certified Kubernetes Security Specialist (CKS)
- GLaDOS Voice Assistant Passive-Aggressively Automates Home | Hackaday
- Data Pump Enhancements in Oracle 21c (and a little support story)
- CERIAS Researchers Join Rolls-Royce, Carnegie Mellon Network to Create Cyber-resilient Systems - CERIAS - Purdue University
- 50 Years, and Lessons (Not) Learned - CERIAS - Purdue University
- Sturm und Drang and Hacking and Twitter - CERIAS - Purdue University
- Creative Choices: Developing a Theory of Divergence, Convergence, and Intuition in Security Analysts | Chris Sanders
- Ansible YAML Basics - Anto ./ Online
- XDR Defined | Security Blog | VMware
- Top DAST Tools 2021 | Dynamic Application Security Testing
- More IOPS with BIO caching [LWN.net]
- Excellent Free Tutorials to Learn Arduino - LinuxLinks
- Proxmox VE Full Course: Class 8 - Creating Container Templates - Invidious
- 20 Free Open-source Time Tracker Solutions To boost your Productivity
- Why Encryption is Critical to the Healthcare Industry | PKI
- Defense in Depth: Why You Need DAST, SAST, SCA, and Pen Testing - Security Boulevard
- Risk Journeys with Lisa Young | Cyber Risk Management | Axio
- Risk Journeys with Lisa Young | Cyber Risk Management | Axio
- Tripwire Book Club - A Review of The Ghidra Book
- The Most Common Website Attacks (How to Protect Yourself)
- CKS Certification Study Guide: System Hardening in Kubernetes - Security Boulevard
- Learn about containers and Kubernetes with Red Hat Academy
- Ghost in the Shell – Part 6 – Learn Shell Scripting | 𝚟𝚎𝚛𝚖𝚊𝚍𝚎𝚗
- IAM Best Practices For DevOps - Sonrai Security
- Pcaps and the Tools That Love Them Part 1 of ??? - Security Boulevard
- DFARS Interim Rule Drives Need for Assessment Prep & Cybersecurity Management - Security Boulevard
- More Lessons Learned About Passing the OSCP Exam
- GUEST ESSAY: 5 steps for raising cyber smart children — who know how to guard their privacy - Security Boulevard
- Discuss digital personas.
Explain the abstract.
Encourage privacy behaviors.
Lead by example.
Make it a family conversation.
- CKS Certification Study Guide: Monitoring, Logging, and Runtime Security - Security Boulevard
- API Security in a Digitally Transformed World - Security Boulevard
- Five Things Security and Development Teams Should Focus on in 2021
- 1. Proportionate security by design
2. Clear, reliable documentation
3. Security focused training and methodologies
4. Maintain your foundations:
Risk Management, including threat mapping
Patch and Asset Management
Vulnerability Management
Threat Intelligence
Third Party Governance
5. Continuous validation on your solution and your environment
- 10 Tips to Protect Your Company’s Data in 2021 - Security Boulevard
- 1. Replace FTP Scripts
2. Encrypt Data in Transit and at Rest
3. Use Secure Collaboration Tools Between Employees, Customers, and Partners
4. Avoid Common Mistakes When Sending Large Files
5. Identify Compromised Devices on the Internal Network
6. Inspect Your Data Content Using DLP Technology
7. Classify Your Data to Protect It
8. Create and Implement a Cybersecurity Program
9. Try the Data Security Solutions You Want to Implement for Free
10. Trust in a Comprehensive Cybersecurity Provider
- WhiteHat Security Introduces AppSec Stats Flash: A Modernized Approach to Application Security Reporting - Security Boulevard
- It's Time for Vendor Security 2.0 - Daniel Miessler
- FTC rules that health apps must notify consumers if their data is breached | Engadget
- FTC rules that health apps must notify consumers if their data is breached | Engadget
- How COVID-19 Has Changed Cybersecurity for Government Departments - Security Boulevard
- Apple iPhone security update points to growing problem of 'zero days'
- Infrastructure in place to run each app as a separate user
- Global Logistics Company Uses AppViewX to Automate Certificate Lifecycle Management - Security Boulevard
- Building a Framework to Assess the Total Cost of Cloud IT Infrastructure - JumpCloud
- JeffSoh on NetSec: Pcaps and the Tools That Love Them Part 2
- JeffSoh on NetSec: Pcaps and the Tools That Love Them Part 1
- Rancher Kubernetes Engine (RKE) Security Best Practice for Cluster Maintenance & Network Security - Part 4 of 4 | StackRox Community
- Rancher Kubernetes Engine (RKE) Security Best Practice for Container and Runtime Security - Part 3 of 4 | StackRox Community
- Rancher Kubernetes Engine (RKE) Security Best Practices for Authentication, Authorization, and Cluster Access - Part 2 of 4 | StackRox Community
- Rancher Kubernetes Engine (RKE) Security Best Practices for Cluster Setup - Part 1 of 4 | StackRox Community
- WordPress security & hardening, the definitive guide - Security Boulevard
- Ghidra 101: Decoding Stack Strings | The State of Security
- Which AppSec Testing Type Should You Deploy First? | Veracode
- Crawl, Walk, and Run with SASE Adoption - Security Boulevard
- ICS Purdue Model in Industrial Internet of Things (IIoT) & Cloud - Security Boulevard
- PacketFence | Open Source NAC
- deploy360-ipv6-security-v1.0.pdf
- infoblox-whitepaper-seven-deadly-traps-of-ipv6-deployment_0.pdf
- Source Code Security Analyzers | NIST
- Secure JSONification? - LFlat, The Home of Vrurg
- eduroam.org – eduroam global site
- ADT Installer Hacks Home Cams for Sexual Thrills - Security Boulevard
- How to Write a Vulnerability Management Policy - Hurricane Labs
- Things your manager might not know
- Here are the facts your manager might not know about you and your team that we’ll cover in this post:
What’s slowing the team down
Exactly what individual people on the team are working on
Where the technical debt is
How to help you get better at your job
What your goals are
What issues they should be escalating
What extra work you’re doing
How compensation/promotions work at the company
- Best practices for REST API design - Stack Overflow Blog
- Handbook
- Docker Threat Model - CloudSecDocs
- GitHub - alcideio/skan: Scan Kubernetes resource files , and helm charts for security configurations issues and best practices.
- Free for developers
- Securing your code: GDPR best practices for application security
- The CSS Mindset | Max Böck
- Running static analysis tools for PHP - Rule of Tech
- Automate your dependency management using update tool - Rule of Tech
- Getting Started With FreeRTOS And ChibiOS | Hackaday
- Ransomware Lessons for a Nation Held Hostage - Lawfare
- Understand Cyber Security and Cryptography - Unixcop
- Scanner School Podcast + Webinar: This is Why You Need an SDR
- Set the order of task execution in Ansible with these two keywords | Enable Sysadmin
- Jonah Edwards - Internet Archive Infrastructure : Free Download, Borrow, and Streaming : Internet Archive
- The Current State of Kubernetes Threat Modelling – Marco Lancini
- Docker Security Best Practices from the Dockerfile
- Chess Tactics Explained in English: Ward Farnsworth's Predator at the Chessboard
- Scott Hanselman's 2021 Ultimate Developer and Power Users Tool List for Windows - Scott Hanselman's Blog
- GitHub - Ethereal-Developers-Inc/OpenScan: OpenScan is an open-source document scanner app that enables users to scan hard copies of documents or notes and convert it into a PDF file. No ads. No data collection. We respect your privacy.
- Unicode: On Building The One Character Set To Rule Them All | Hackaday
- Applying DevSecOps practices to Kubernetes: software supply chain
- introducing witchery: tools for building distroless images with alpine – Ariadne's Space
- Highly Configurable Open Source Microscope Cooked Up In FreeCAD | Hackaday
- History Of Closed Captions: The Analog Era | Hackaday
- Pcaps and the Tools That Love Them Part 3 of ??? - Security Boulevard
- 16 Basic Cron Command In Linux With Examples | LinuxTeck
- How to Speed Up an Ansible Playbook | Linux Today
- Figuring out the container runtime you are in – /home/liquidat
- 10 Commands to Collect System and Hardware Info in Linux
- How the CIS Foundations Benchmarks Are Key to Your Cloud Security
- Unlocking the Mysteries of the Fed's New CMMC Requirement - Anitian
- Managing scans using Python and the Acunetix API | Acunetix
- Japan’s Proactive Cybersecurity Measures Gain Upper Hand Against Threats | Votiro
- Q&A trip to Linux’s Black Hole - /dev/null | Linux Journal
- Kubernetes: Master Post Carnal0wnage - Blog Carnal0wnage Blog
- How To Cook Turkish Borek The Easy Way - foXnoMad
- CISO's Guide to Secure Software Development - Security Boulevard
- 5 Reasons CISOs Should Invest in Application Security
Drowning in Cybersecurity Data
The number of sensors generating security data keeps growing, including firewall logs, antivirus scan reports, insider threat reports, DLP logs, vulnerability scan data, modern persistent threats, server access logs, authentication logs and more. The variety, velocity and volume of data can quickly overwhelm security analysts. Automation and analytics can address this challenge.
Reactive and Passive Approaches are not Enough
Actions like logging, alerting and monitoring are not sufficient for security measures alone. Tools that can not only provide visibility but react to threats or incidents in near real-time are necessary to avoid damage. Advanced automated security operations and hands-on threat-hunting with swift incident responses are essential to safeguard digital assets.
Fragmentation and Chaos
As a CISO and their team persistently react to threats, they generate a disorganized digital mixture of HTML pages, PDF reports, XML extracts and CSV files. These reports, files or pages are tough to integrate, analyze and integrate into applications and strategies for generating automated responses.
The Shift from Discrete Security Events to Uninterrupted Security
The cloud and DevOps are increasingly enabling code deployments and facilitating dynamic environments that confront the conventional “certify once and monitor forever” waterfall security model. Modern applications and infrastructure and IT environments necessitate a proactive, dynamic and advanced security approach. Security-as-code is the only methodology that can scale and react on a real-time basis.
Data from Multiple Sources
CISOs possess two distinct sets of dashboards: one for internal and the other for external stakeholders. However, both these dashboards must operate based on the same underlying data sets. But this is not always the case; from simple spreadsheets to advanced BI tools, CISOs have data streaming in from multiple sources, making it difficult and complicated to secure necessary information and show analytical dashboards to the rest of the C-suite.
- Do we need humans for that job? Automation booms after COVID - Japan Today
- Filtering with Ansible’s selectattr()/rejectattr() when the tested attribute can be absent – 0xf8.org
- How to modify a list of dictionaries with Ansible – 0xf8.org
- An updated configuration file structure diagram for rspamd 1.9.0 – 0xf8.org
- 4n6k: Forensics Quickie: Methodology for Identifying "Clear Recent History" Settings for an Old Version of Firefox
- Critical Security Controls: Part 2 (with Brian Ventura) | Advanced Persistent Security
- Critical Security Controls: Part 1 (with Brian Ventura) | Advanced Persistent Security
- Defending Our State & Local Communities from Cyber Threats
- Networking Basics – CodingBee
- Identity and Access Management - who you are, and where you need to be
- Concretedog: Tool Tuesday - RS Pro Flat Nose Pliers
- GitHub - countercept/chainsaw: Rapidly Search and Hunt through Windows Event Logs
- packetsifterTool - A Tool To Aid Analysts In Sifting Through A Packet Capture (Pcap) To Find Noteworthy Traffic
- Chainsaw - the New Tool That Helps Incident Responding Teams
- MSSQL for Pentester: Abusing Trustworthy
- MSSQL for Pentester: Command Execution with External Scripts
- Meet Estefannie Explains it All - Raspberry Pi
- Expanding our free Isaac Computer Science platform with new GCSE content - Raspberry Pi
- Raspberry Pi thermal camera - Raspberry Pi
- Add face recognition with Raspberry Pi | Hackspace 38 - Raspberry Pi
- Guiding Principles For Your Digital Transformation Strategy - Security Boulevard
- 7 Ways to Defend Mobile Apps and APIs from Cyberattacks - Security Boulevard
- Windows Incident Response: On Writing DFIR Books, pt I
- You Don't Need to be CMMC Compliant, You Need to Be DFARS Compliant (A Kardashian Parable) | Pivot Point Security
- Best-Practice Password Policy and the Research Behind It | Pivot Point Security
- 75% of Apps in the Healthcare Industry Have a Security Vulnerability - Security Boulevard
- How to Build a DIY Mattress with Pocket Coil, Latex or Poly-Foam
- Advice for DIY mattress - The Mattress Underground
- Windows Incident Response: Tips for DFIR Analysts, pt II
- Windows Incident Response: Tips for DFIR Analysts
- ESXi SD-Card/USB boot devices unsupported in 7.0u3 · vNinja.net
- GoPurple - Yet Another Shellcode Runner Consists Of Different Techniques For Evaluating Detection Capabilities Of Endpoint Security Solutions
- Protecting CUI and the DoD Supply Chain | PreVeil
- Helping Contractors Achieve DFARS Compliance | PreVeil
- Can the healthcare industry stay ahead of cybercriminals? | Untangle
- How to cyber security: Containerizing fuzzing targets | Synopsys
- Discussing Cybersecurity Outcomes (Not Features) with CIOs - Security Boulevard
- Installing vRealize Automation 8.0 in a Home Lab | vLore Blog
- Nettacker - Automated Penetration Testing Framework
- Nettacker
- Proofpoint lawsuits underscore risk of employee offboarding | CSO Online
- 8 must-ask security analyst interview questions | CSO Online
- Run your small DNS server with MaraDNS - Virtual to the Core
- Architecture of Docker – Joseph Griffiths
- Building my own virtual lab in vCloud Director with Terraform - Virtual to the Core
- List all Databases and Their Associated Files | Chris Blogs
- After startup database with srvctl, sqlplus as sysdba results in ORA-12547: TNS:lost contact - Blog dbi services
- lost contact
- Ansible: How to work with inventory, variables, and facts - Anto ./ Online
- How to Succeed as a CISO in 2021 | Fidelis Cybersecurity
- Infrastructure Hygiene: Why It’s Critical for Protection - Security Boulevard
- 10 Reasons Check-the-Box Compliance Puts Your Organization at Risk - Security Boulevard
- Application Security in 2021 | Radware Blog
- When Organizations Take a Risk-First Approach to IT Compliance, They’re Better at Avoiding Security Incidents - Security Boulevard
- Getting Started with Web Application Security? A Developer’s Guide
- List of data breaches and cyber attacks in August 2021 – 61 million records
- China's key enforcement agencies and lessons learned from recent actions
- IG: DoD Did Not Properly Secure Access to VIP Records
- How to manage the growing costs of cyber security - IT Governance UK Blog
- Governments continue to eye data privacy, forcing CIOs to adapt
- House representatives sent a letter to Yahoo's CEO... from 2017 | Engadget
- Ransomware, data protection and compliance
- Transfer Impact Assessment Templates
- Visiting Ghent, Belgium with kids - Curious and Geeks
- Trash – a safer alternative to rm - Be smart(er than me), start trash-ing now! · Hook’s Humble Homepage
- Create a photo collage from the Linux command line | Opensource.com
- Why SAST and DAST are Crucial for the Applications? | Indusface Blog
- Dangerous defaults that put your IT environment at risk: IT security under attack - ManageEngine Blog
- New CISO Priorities of 2021 - Sonrai Security
- Adoption of Cybersecurity Insurance & its Role in the Modern World | Axio
- Can security and compliance for managed database services be simple? | Imperva
- Are Your IT Infrastructures 2021 Cybersecurity Compliant?
- Some Tips and Tricks for PMP Studies – Unadulterated Nerdery
- Top STIG – Part 6 (OS Accounts) | Late Night Oracle Blog
- Download Oracle software with the command line – Laurent Schneider
- Critical flaw in Atlassian Confluence actively exploited | CSO Online
- 9 notable government cybersecurity initiatives of 2021 | CSO Online
- CDPSE certification: Requirements, exam, and cost | CSO Online
- Setting Up Your Child for Success | Penniless Parenting
- Oracle Database 21c Is Here – Databases Are Fun
- Installing Multi-Factor Authentication for your Office 365 Users
- HCL Sametime Meetings monitoring for Kubernetes | IdoNotes (and sleep)
- Concretedog: Tool Tuesday - The Digital Multi Meter
- Cloud Computing Infrastructure: NetApp ONTAP 9 Simulator and Free eBook
- HDMI Dummy Plug Success with VNC! - MovingPackets.net
- Response to "Certifications Are Not A Big Deal. Stop Being a Princess About It." - MovingPackets.net
- Cranky Old Network Engineer Complains About The Youth Of Today - MovingPackets.net
- Heavy Strategy 008: Five Core Issues for IT Architects in 2021 — EtherealMind
- 5 Question on Cybersecurity — EtherealMind
- VMware Snapshot Size Powershell Nagios Script | Nerhood Weblog
- Open Systems SnapVault (OSSV) Web Reporting | Nerhood Weblog
- Network Janitor | The Smartest Guy in the Room
- Ubiquiti EdgeRouter Lite Setup Part 6: Odds and Ends
- Ubiquiti EdgeRouter Lite Setup Part 5: OpenVPN Setup
- Ubiquiti EdgeRouter Lite Setup Part 4: IPv6 Setup
- Ubiquiti EdgeRouter Lite Setup Part 3: VLAN Setup
- Ubiquiti EdgeRouter Lite Setup Part 2: Firewall Setup
- Ubiquiti EdgeRouter Lite Setup Part 1: The Basics
- Stretch's Hierarchy of Network Needs - PacketLife.net
- Mind Map for CCIE & CCNP Routing & Switching | neckercube.com: Jedadiah Casey
- Easy Disaster Recovery Plan | neckercube.com: Jedadiah Casey
- Soldering QFNs using solder paste and stencils – Matt's Tech Pages
- How to start blogging in 2021?
- Weight Loss and Personal Health
- Twelve Days of Cooking and Baking
- Using Ansible Automation Platform For Post Configuration With Red Hat Satellite Provisioning Via Callbacks | Greg Sowell Saves The World
- CCNA Training » Cloud & Virtualization Questions
- CCNA Training » Security Questions
- CCNA Training » Security Questions 2
- Import Into ServiceNow CMDB Via Ansible ServiceNow Collection | Greg Sowell Saves The World
- HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform | Threatpost
- 18 Recommended Open-Source Tools for Writers and content creators
- Enumerating .gov.af - vulns.xyz
- Network Controls in the DevSecOps life cycle
- Analyzing a High Rate of Paging
- The case for Collective Defense in the U.S. energy sector
- Securing the sudo to sudo_logsrvd connection • Sudo Blog
- HTTP Security Headers: Why? How? What? - Sylvain Kerkour
- 5 DevSecOps open source projects to know | The Enterprisers Project
- Clair
Sigstore
KubeLinter
Open Policy Agent and Gatekeeper
Falco
- 5 Popular Free And Open Source Project Management Tools
- Automate Red Hat JBoss Web Server deployments with Ansible | Red Hat Developer
- How to Create eLearning Platform with Moodle and ONLYOFFICE
- Best DNS Benchmark Tools 2021 | DNS Server & Speed Test
- Control your Raspberry Pi remotely with your smartphone | Opensource.com
- Hackers Could Increase Medication Doses Through Infusion Pump Flaws | WIRED
- How to replace a failed disk in a ZFS mirror | Jordan Elver | Ruby on Rails Developer, Bristol, UK
- HP H240 HBA Controller | Page 2 | TrueNAS Community
- HP/PMC SA in whitebox | ServeTheHome Forums
- HP Smart Storage Admin CLI (ssacli) installation and usage on Proxmox PVE (6.x) · GitHub
- What are container runtimes? | Opensource.com
- 20 essential Linux commands for every user | Opensource.com
- RSA/SHA1 signature type disabled by default in OpenSSH
- Must-have gear to make traveling with kids easier | Engadget
- Understand Your Staff: How Insiders Shape Defenses - Security Boulevard
- BSides Calgary 2020 - Josh Sokol's 'Architecting For Security In The Cloud' - Security Boulevard
- BSides Calgary 2020 - David Lindner's 'So You Are Comparing A WAF And RASP?' - Security Boulevard
- Security operations center, Part 2: Life of a SOC analyst - ManageEngine Blog
- The Ransomware Group Tactics which Maximise their Profitability - Security Boulevard
- Auckland University of Technology choose Koha Library System | Catalyst
- U.S. medical entities fall prey to Pysa threat actors, but many haven’t disclosed it – at least, not yet.
- Why Do Chief Security Officers Leave Jobs So Often? - Security Boulevard
- “According to Radware’s 2018 State of Web Application Security report, 23 percent of companies reported executive firings related to application attacks. U.S. companies were more likely to say execs were let go after an incident, as were companies in the technology or financial services sectors.”
After a major security incident the team often gets resources and support to fix problems.
“less than 1 percent of CISOs are actually fired, though 12 percent believe they would be dismissed because of a breach, according to a 2015 IDC report.”
“recall occasions where their firm’s CISO was dismissed for poor reporting, exceeding their budget, not following business strategies or even spreading FUD (Fear, Uncertainty and Doubt) — rather than delivering practical solutions to these same problems. It was, as one CIO remarked, a case of the CISO ‘talking the talk, but not walking the walk.’”
You may agree with this or not, and you may think the statements trite and without detail, but heck, let’s hang this out there … in my view as a CISO, or indeed a chief information risk officer, you have to do four basic and foundational things:
Really understand the risks to your organization and where you sit against those risks
Educate the board, the management and the people in the organization
Provide pragmatic solutions and choices to the board, the management and the people in the organization
Beat the desk and beat it hard if you think there is unnecessary obstruction when it comes to dealing with the issues and making progress
- Eclipse Adoptium achieves its first Java SE release
- Hardening Executables
- How to optimize anything
- Docker Logs: What They Are and How to Use Them (with Examples)
- Learning by rewriting - bash, jq and fzf details
- How to Enable ZFS Compression
- From Google Cloud Blog: “New Cloud Security Podcast by Google is here” - Security Boulevard
- Sellers Buying 5-Star Amazon Reviews - Security Boulevard
- How to scan a Debian server for rootkits with Rkhunter – VITUX
- A beautiful power tool to scrape, clean, and combine data – Jon Udell
- https://workbenchdata.com/
- How to monitor disk space usage with shell script | 2DayGeek
- How To Mount Microsoft OneDrive In Linux | Itsubuntu.com
- PgBouncer changelog
- 10 Database Security Best Practices You Should Know
- 1. Deploy physical database security
2. Separate database servers
3. Set up an HTTPS proxy server
4. Avoid using default network ports
5. Use real-time database monitoring
6. Use database and web application firewalls
7. Deploy data encryption protocols
8. Create regular backups of your database
9. Keep applications up to date
10. Use strong user authentication
- Essential System Tools: dust - more intuitive version of du - LinuxLinks
- Security operations center, Part 3: Finding your weakest link - ManageEngine Blog
- How WAFs Can Mitigate The OWASP Top 10 | Radware Blog
- What is a Smart Card?
- Infrastructure Hygiene: Fixing Vulnerabilities - Security Boulevard
- Dijkstra’s Algorithm
- Experimenting with Python implementation of Host Identity Protocol | Linux Journal
- How to check memory usage per process in Linux | 2DayGeek
- Know your organization's rule makers and rule breakers | Opensource.com
- Memorial Health System Hit By Ransomware | Avast
- 6 Must-Have Open-Source Tools to Secure Your Linux Server
- 60% of Companies Go Out of Business After a Cyberattack - Security Boulevard
- Ask the Expert: Why is it critical that organizations mature their cyber risk program now?
- The Case for Collective Defense of the Public Sector - Security Boulevard
- Why Do Healthcare Departments Need Managed IT Services?
- Corporate Cyber Threats and the Need for Executive Protection - Constella
- Bash Redirection Explained With Examples - OSTechNix
- Three Key Questions to Define ICT Supply Chain Security - Lawfare
- History and the Recognition of the Taliban - Lawfare
- Neural Fuzzing: A Faster Way to Test Software Security | Linux Today
- Unsupported IoT Devices Are Cyber-Trouble Waiting To Happen | LinuxInsider
- DHT11 Humidity and Temperature Sensor With Raspberry PI Pico and MicroPython
- How to reformat 520 byte drives to 512 bytes (usually) - Hardware - Level1Techs Forums
- single version:
sg_format -v --format --size=512 /dev/sg2
loop for multiple
for disk in $(ls /dev/da{#first…#last}); do echo “>>> ${disk} <<<” && sg_format -v --format --size=512 ${disk}
; done
replace #first with your first drive number i.e. da0 and #last with the lastnumeber i.e. da12
- 3 Hiking Principles That Made Me a Better CISO - Security Boulevard
- Turning Mountains Into Hills
Read the Map, Read the Mountain
The Leader Must Not Fall
- HIPAA Security Requirements: What They Really Mean - Security Boulevard
- ENISA releases guidelines for healthcare services cloud security
- The stars are aligning for federal IT open source software adoption | TechCrunch
- IT careers: 3 key skills for remote jobs | The Enterprisers Project
- communication
character
listening
- Level up your Ansible skills while having fun: Sysadmin after dark | Enable Sysadmin
- Ricardo Gerardi
- How To Setup A Virtual Penetration Testing Lab - ByteXD
- How to detect and manage devices on Linux – VITUX
- udevadm info /dev/sda2
- Perform a vulnerability scan with Openscap scanner - Unixcop
- How To Install Elasticsearch on Debian 11 - idroot
- Setting Up an Effective Vulnerability Management Policy - Security Boulevard
- Compliance – The Invisible Hand Guiding Cybersecurity
- Reducing Cybersecurity Risk With Minimal Resources - Security Boulevard
- We use a periodic sampling approach from the many threat reporting sources (as part of our “CTI” program), then distill those results into the following current risk areas that we sense apply to most organizations:
Phishing: Over 90 percent of all security incidents start here (where someone will always “click”!)
Ransomware, including morphing malware/crypto-mining: It’s easy and profitable, and now comes with a data breach extortion threat too.
Poor cyberhygiene: known vulnerabilities not patched (98 percent of exploits use these)
Ineffective access controls: Identity is the new perimeter and core (ZTA) (e.g., we need multifactor authentication everywhere)
Hostile intruders: hackers, insider threats, careless users, any malicious user
Crime as a service: as now anyone can be a hacker, just pay the criminals
Internet of Things security: the many atypical computing devices connected to your network
Third-party/vendor access and risks: this is a major threat all by itself and accounts for half of all breaches
Regulation/compliance (e.g., GDPR, SOX, PCI DSS, etc.): Fines, loss of integrity/brand and competitiveness.
- Securing APIs: Application Architecture Disrupted - Security Boulevard
- AC.1.001 Basic Security Requirements (CMMC Level 1) - Security Boulevard
- Ghidra 101: Loading Windows Symbols (PDB files)
- Easy Scallion Rice Recipe- Gluten Free, Vegan, Soy Free | Penniless Parenting
- Issuing valid certificates for LAN-only websites :: Rafael Cavalcanti
- DNF Guide for Beginners with 20 Examples | Linux Today
- How to maximize data storage for microservices and Kubernetes, Part 1: An introduction | Red Hat Developer
- Top 14 Podcast Tools - best free podcast software - LinuxLinks
- Getting Started With Docker Containers: Beginners Guide - Front Page Linux
- President Biden is meeting with Apple, Google and Microsoft on cybersecurity | Engadget
- Data Brokers Are Advertising Data on U.S. Military Personnel - Lawfare
- How to Check and Improve Your Linux Boot Time
- DoD: Get Started With a CMMC Self-Assessment Now | Apptega - Security Boulevard
- Managing Security Debt: How to Reduce Security Deficit - Security Boulevard
- Historical Income Tax Rates and Brackets, 1862-2021 | Tax Foundation
- Microsoft GCC or GCC High for CMMC and DFARS Compliance? | Apptega - Security Boulevard
- The Three Components of the HIPAA Security Rule - JumpCloud
- SA.3.169 Community-based Threat Sharing (CMMC Level 3) - Security Boulevard
- German health system adopts Matrix | Joinup
- Website Vulnerability Assessment to Protect Website | Indusface Blog
- Book Review: Born Digital by Robert Wigley - Security Boulevard
- SI.1.210 System Integrity/Patching (CMMC Level 1) - Security Boulevard
- Peeling Back Your PKI Onion: Can I Trust My PKI? - Keyfactor - Security Boulevard
- Putting the Sec in DevSecOps - Security Boulevard
- CA.2.158 Ongoing Security Assessment (CMMC Level 2) - Security Boulevard
- Cyber Attacks and Ransomware in Healthcare | ARIA Cybersecurity - Security Boulevard
- Some open questions to consider as you evaluate the current state:
Do you have a way to recognize medical devices or IoMT devices as they enter your network? If so, can you also take these devices offline if you need to remediate possible threats?
Are you implementing OS, system and software patch updates as soon as manufacturers release them?
Is your staff regularly changing passwords to network systems and refraining from reusing passwords for different accounts?
Are you using multi-factor authentication whenever possible?
Have temporary and contract staff been authenticated as users accessing your network, and are they adhering to the same protocols as your permanent employees?
Have you identified critical assets in your network infrastructure (e.g., patient databases) and created the necessary backups offline and away from your network?
Are all of your antivirus and anti-malware solutions set to update and scan automatically?
Does your crisis management team include someone from your security team?
- Agile strategy: 3 hard truths | The Enterprisers Project
- 1. Leadership often serves as a barrier to agility
2. Agile takes time
3. All agile coaches are not created equal
- How to Monitor Log Files in Real Time in Linux [Desktop and Server]
- Virginia Enacts New Data Privacy Law - Security Boulevard
- Vulnerability Detection and Patching: A Survey Of The Enterprise Environment | Linux Journal
- Tesseract 5.0 OCR Engine Bringing Faster Performance With "Fast Floats" - Phoronix
- A beginner’s guide to Kubernetes
- Building RepRap 3D printer · GeekSocket
- NIST Password Guidelines 2021: Challenging Traditional Password Management — VeriClouds
- How to Strengthen Password Policies to Stay Compliant with GDPR
- Why is having a strong password policy essential?
According to the 2019 Verizon Data Breach Report, the most significant single factor leading to the breach of an organization are weak passwords, which they found to be the cause of 29% of breaches. Weak passwords are easily obtained by threat actors and used for credential stuffing and password spraying attacks which the European Data Protection Board has issued guidance saying are reportable breaches. If either of these happens, the organization will be held to the 72-hour reporting period and must notify all users that are potentially impacted by the attack that their data may have been compromised. Given the risks involved with allowing weak passwords and the potential repercussions of what may happen, it is essential strong password policies are not overlooked
- Cybercrime to cost over $10 Trillion by 2025 - Security Boulevard
- IR.2.092 Incident Preparation (CMMC Level 2) - Security Boulevard
- A Security Vulnerability Management Guide - Security Boulevard
- Container Security and Vulnerabilities - Security Boulevard
- How to Improve Your Cloud and Container Security - Security Boulevard
- I figured out how DMARC works, and it almost broke me | Simon Andrews
- Looking back on 30 years of Linux history with Red Hat's Richard Jones
- Planetary-Scale Computing – 9.95 PFLOPS & Position 40 on the TOP500 List | AWS News Blog
- Why backups are not just insurance policies in 2021 — ThinkCharles.net
- How to benchmark VMware vSAN the right way — ThinkCharles.net
- How to build a private cloud with VMware Cloud Foundation in 3 hours? — ThinkCharles.net
- 10 SCP Commands to Transfer Files/Folders in Linux
- How To Backup And Restore Linux System With Timeshift - OSTechNix
- Create Your Own Certificate Authority (CA) for Homelab Environment | Lisenet.com :: Linux | Security | Networking
- StartTLS in LDAP — Firstyear's blog-a-log
- Recognizing the Risks of the Cloud | Application Security | K2 Security
- Five Reasons EDR & EPP Solutions Cannot Protect Application Workloads - Security Boulevard
- 1. Applications on Server/Workloads are fundamentally different than those running on devices.
2. Exploits targeting servers and workloads are also fundamentally different.
3. The blacklisting model is old and doesn’t scale.
4. Reactive security models always fall behind.
5. Advanced exploits today bypass EDR security tools.
- Microsoft Azure Checklist: Expert Advice on Security - Sonrai Security
- A CISO’s Guide to Prevent Ransomware Attacks - Kratikal Blogs
- How to Build a Strong Information Security Policy | Hyperproof
- 3 Foundations of a Data Security Strategy - Security Boulevard
- Use a VPN
Deploy a DLP solution
Encrypt Sensitive Files
Encrypt in transit, encrypt at rest, and know where the data is going.
- NIST SP 800-172 release couldn’t come at a better time
- 800-171b is now 800-172
3PAudit + 800-171 + 800-172 = CMMC
- Securing APIs: Modern API Security - Security Boulevard
- Why Healthcare Security Requires an Operation-Centric Approach - Security Boulevard
- Anton’s Security Blog Quarterly Q1 2021 - Security Boulevard
- Five medical device security best practices | Synopsys
- 1. Establish a secure software development life cycle
2. Understand cloud security
3. Create logging and monitoring control
4. Use a secure operating system to build medical devices
5. Remember that deployment security is equally important
- All aboard the CMMC bandwagon! | Entrust Blog
- How to Delete Empty Lines in Files Using Grep, Sed, and Awk
- How to set up and use Python virtual environments for Ansible | Enable Sysadmin
- How to Install Plex Media Server on Ubuntu 20.04 LTS Server/Desktop
- Set Up Response Policy Zone (RPZ) in BIND Resolver on Debian/Ubuntu
- Penetration Testing Automation | Cybersecurity | CompTIA
- 25 Useful IPtable Firewall Rules Every Linux Administrator Should Know
- Best Digital Forensics Tools & Software 2021 | eSecurity Planet
- Building back better to modernise healthcare - VMware EMEA Blog
- Combating Cybersecurity Burnout Through Self-care, Empathy, and Empowerment | Security & Compliance Blog | VMware
- The World Health Organization defines burnout as a syndrome resulting from unmanaged workplace stress. Physical exhaustion and emotional exhaustion are critical components of that. In addition, ineffective work processes and workflow while “doing more with less,” can lead to a sense that decision-makers do not get it, or they do not care. That is when cynicism sets in.
- How to: 4 Ways to Cloud in 5 mins. (Multi, GCP, AVS, AWS)
- AWS Named as a Leader for the 11th Consecutive Year in 2021 Gartner Magic Quadrant for Cloud Infrastructure & Platform Services (CIPS) | AWS News Blog
- Monitoring processes inside a vm with PowerCLI | Virtu-Al.Net
- A Small Furniture Company in Hokkaido Created 5000 Medal Cases for the Tokyo Olympics - Spoon & Tamago
- What Is Real: Incident Responders Face Uptick in Time Stamp Manipulation | Security & Compliance Blog | VMware
- From the Canyon Edge: Working from Home: Lessons Learned Over 20 Years & a Shopping List
- Azure security 101: Security essentials, logs, authentication, and more - ManageEngine Blog
- System Hardening with DISA STIGs and CIS Benchmarks
- If your network or assets aren’t set up securely, they will always be vulnerable — no matter how much you spend on security solutions. That’s where system hardening comes in.
- A New York special: NYDFS cybersecurity regulation (23 NYCRR 500) – Reflectiz
- NYDFS
- Microsoft Word - SecurityOrb - Parent Child Online Agreement.docx - SecurityOrb-Parent-Child-Online-Agreement.pdf
- Getting to Know DevSecOps | Hyperproof
- 3 Best Practices for Building Secure Container Images
- Practice Vulnerability Scanning
Make the Container Images as Simple as Possible
Run the Container as Non-Root
Security as a Source of Trust
- 5 major benefits of early security testing | Acunetix
- Benefit 1: Simplifying Fixes
Benefit 2: Building Developer Responsibility
Benefit 3: Educating Developers on Security
Benefit 4: Saving Even More Time
Benefit 5: Avoiding Premeditated Exposure
- The Guide to Presenting Information Security's Business Value
- 1/3rd of Organizations Take No Action After Detecting a Cyber Attack
- Well that is depressing
- Ransomware Defense: Three Implementations Every Security Team Needs - Security Boulevard
- Cyber Resilience Starts With Visibility: How Risk Quantification is Imperative to Improving Security Posture - Security Boulevard
- ROC-n-SOC: Creating Risk Operations Centers to Support SOCs
- Malicious Life Podcast: The Story of L0pht Heavy Industries, Part 1 - Security Boulevard
- How Misconfigured Amazon S3 Buckets Can Lead to a Ransomware Attack - Security Boulevard
- Ensuring Security and Compliance for Global Healthcare - Security Boulevard
- How to Run a Security Tabletop Exercise | Hurricane Labs
- Continuous Compliance with CIS Benchmarks
- CISO Stories Podcast: Doing Security Before Security Was a Career Path - Security Boulevard
- How to Increase & Justify Your Cyber Security Budget | DFLabs
- Building a Security Conscious Workforce - Security Boulevard
- Three Years In: An Update on the Georgia Cyber Center - Security Boulevard
- Types of Penetration Testing, benefits and drawbacks | Indusface Blog
- Malicious Life Podcast: The Story of LØpht Heavy Industries, Part 2 - Security Boulevard
- Ghidra 101: Creating Structures in Ghidra | The State of Security
- GrammaTech Releases CodeSonar 6.0 with Improved Analysis, Visualization, Reporting and Unified Java Analysis - Security Boulevard
- 11 'df' Command To Check Disk Space In Linux With Examples | LinuxTeck
- Part-2: 25 Basic Linux Interview Questions & Answers | 2DayGeek
- Part-1: Basic 25 Linux Interview Questions and Answers | 2DayGeek
- What Is Cyber Command’s Role in Combating Ransomware? - Lawfare
- Why Van Buren Is Good News for Cybersecurity - Lawfare
- Responsible Cyber Offense - Lawfare
- On Sexual Harassment in Japan (Part 3): A Modest Proposal | This Japanese Life.
- On Sexual Harassment in Japan (Part 2): For ALTs | This Japanese Life.
- On Sexual Harassment in Japan (Part 1) | This Japanese Life.
- Penetration testing: A yearly physical for your applications
- Don’t Put Off Cybersecurity Incident Response Planning - Security Boulevard
- The NIST Incident Response Lifecycle contains four steps:
Preparation
Detection and Analysis
Containment, Eradication, and Recovery
Post-Incident Activity
- 75% of Leaders Lack Confidence in Their Web Application Security
- Creating Cloud Security Policies that Work | The State of Security
- What to Expect from PCI DSS 4.0 - Security Boulevard
- While the main 12 requirements are not anticipated to change in any drastic way, one of the main goals that stands out is to “promote security as a continuous process.”
- What's Good for Fintech Is Good for All Our Clients - Ermetic
- Various Types of Software Bugs - Vol1 - Security Boulevard
- How Advanced Automation and New Technologies are Enabling Enterprises to Do More with Less
- The speed of business is fast – is your PKI keeping up? | Entrust Blog
- ABCs of UEBA: V is for Vulnerability | Gurucul Stops Zero Day Attacks
- How Frequently Should We Run a Vulnerability Scan? | Indusface Blog
- 1. Good Cyber Hygiene and Situational Awareness
2. Risk of Emerging Threats During the Scan Gaps
3. Compliance Standards
4. Major Infrastructural and Other Changes
5. Agility
- Securing APIs: Empowering Security - Security Boulevard
- The First Step to Achieving DevSecOps Is Shifting Security Culture Left - Security Boulevard
- How Organizations Can Change The Security Behavior of Their Employees? - Kratikal Blogs
- 6 Stages of Risk and Compliance Program Maturity and the Opportunities for Automation - Security Boulevard
- Cyberattacks can cost hospitals $47K per hour of downtime
- Seven survey insights:
1. Nearly half of the hospital executives surveyed (48 percent) were forced to or proactively shut down in the last six months because of cyberattacks or queries.
2. For hospitals that experienced a shutdown, large hospitals were shut down for 6.2 hours on average, which cost them about $21,500 per hour. Midsize hospitals were shut down for 10 hours on average at $45,700 per hour.
3. Even though cyberattacks are a prominent threat to hospitals, 60 percent of hospital IT teams have other spending priorities. Less than 11 percent of respondents said cybersecurity is a high priority spend.
4. Most hospitals are unprotected against common vulnerabilities. Three in 4 respondents said their hospital was not protected against NotPetya, followed by 64 percent of respondents who said their hospital is unprotected against WannaCry and 52 percent of respondents who are unprotected against Bluekeep.
5. Fifteen percent of respondents from midsize hospitals and 13 percent of respondents from large hospitals said they have no way to determine the number of inactive or active devices within their network.
6. Two in 3 IT teams said they are adequately staffed for cybersecurity.
7. More than half of respondents (58 percent) said they have cyber insurance.
- Taking Steps Toward an Impactful SASE Architecture - Security Boulevard
- Log Data is Not Effective as a Foundation for Prevention, Detection, Remediation or Analytics - Security Boulevard
- A Historical Perspective of Cybersecurity Frameworks | Axio
- When You Can’t Add Cybersecurity Staff Build Cyber-Resiliency Instead - Security Boulevard
- Ethics: University of Minnesota's hostile patches - Security Boulevard
- Developer Security Champions Rule the DevSecOps Revolution - Security Boulevard
- DevSecOps
- Three Best Practices When Accessing the Dark Web for Investigations - Security Boulevard
- Cyber Security for Manufacturing Firms: 5 Reasons & 5 Ways - Kratikal Blogs
- 1. The Rising Instances of Cyber Crimes
2. Manufacturing Industry Has a Lot to Offer
3. Manufacturing Firms are Vulnerable in Many Ways
4. Manufacturing Industry is Still Learning
5. Business Competition
- Why we use Containers and Kubernetes - an Overview - Security Boulevard
- Manual Security Audits vs. Continuous Audits - Sonrai Security
- Protecting Electronic Health Records (EHR) With Continuous Monitoring
- Why Ransomware Is Making Our Healthcare Worse - Security Boulevard
- Perspectives in Healthcare Security
- Important Strategies for Aligning Security With Business Objectives - Security Boulevard
- Domains and practices and levels – oh my! Making sense of CMMC | Entrust Blog
- Using Ikea Guts To Add Sonos Compatibility To A Vintage Speaker | Hackaday
- Random Robot Makes Random Art | Hackaday
- Julius Sumner Miller Made Physics Fun For Everyone | Hackaday
- The Soviet RBMK Reactor: 35 Years After The Chernobyl Disaster | Hackaday
- AVR Bare Metal With Lisp | Hackaday
- VCF Swap Meet Takes Step Back To Move Forward | Hackaday
- Linux Fu: A Little Bit Of (Network) History Repeating Itself | Hackaday
- Pi-Based Spectrometer Puts The Complexity In The Software | Hackaday
- Choosing a Cyber Security Framework | Web Application Security
- Diminish Your Vulnerability to School Ransomware Attacks in 10 Ways
- The Role of Translation in Cyber Security and Data Privacy - Security Boulevard
- The Civilian Cybersecurity Reserve: A National Guard-like program to address growing cybersecurity vulnerabilities faced by the U.S. government - Security Boulevard
- The Night Witches of WWII - Security Boulevard
- 7 Types of Phishing: How to Recognize Them & Stay Off the Hook - Security Boulevard
- Google noted a more than 600% spike in phishing attacks in 2020 compared to 2019 with a total of 2,145,013 phishing sites registered as of January 17, 2021, up from 1,690,000 on Jan 19, 2020. It is the gateway to many types of damaging cyberattack including ransomware, malware, business email compromise (BEC), spoofing, identity theft, brand impersonation and credential compromise.
- Protecting Industrial Control Systems Against Cyberattacks - Part 1 - Security Boulevard
- The Kubernetes Network Security Effect - Security Boulevard
- The Key to Cybersecurity is an Educated Workforce - Security Boulevard
- Workforce Cyber Intelligence 104: Examining Protection Against External & Internal Threats - Dtex Systems Inc
- Genetically Modified Mosquitos: Biohacking For Disease Prevention | Hackaday
- API Security Need to Know: Lessons Learned From the Peloton Security Incident | Cequence
- he API vulnerabilities that led to the Peloton disclosure can be mapped to the OWASP API Security Top 10 vulnerabilities:
API2:2019 Broken User Authentication
API3:2019 Excessive Data Exposure
API4:2019 Lack of Resources & Rate Limiting. Once discovered, a threat actor could scrap
- How to Improve Your Security Incident Response with Automation - Security Boulevard
- 6 Amazing Idea Generation Tips to End Your Creative Drought – Business
- Legacy Software Assessment: A Checklist for Enterprises – Business
- Happy SysAdmin Day – Reflections of a former SysAdmin » Welcome to vSphere-land!
- T-Mobile investigates claims of giant customer data breach | Engadget
- The History Of Neon Lights | Hackaday
- A Standing Desk On The Cheap | Hackaday
- Soil Moisture Sensors, How Do They Work? | Hackaday
- Should I Automate This? | Hackaday
- Practical Sensors: The Hall Effect | Hackaday
- 5 Top Cloud Security Threats and Tips to Mitigate Them - Security Boulevard
- 1. Unauthorized Access to Data
2. Distributed Denial of Service (DDoS) Attacks
3. Cloud Misconfiguration
4. Data Leaks and Data Breaches
5. Insecure API
- Taking Screenshots with EyeWitness | itsec.siers.ch
- What is the difference between VDI desktop virtualization and virtual machines
- Two year update: Building an Open Source Marketplace for Kubernetes
- The Need for A Cloud Native Tunnel
- XDR Demands a New Approach to Security—and Business - Security Boulevard
- What domain name to use for your home network
- home.arpa
- Hitting the Books: How a radio telescope cost this West Virginia town its modernity | Engadget
- Maintainance of GeoIP legacy databases | Blog of Patrick
- The history of VMware vSphere | VM Spot
- How Offensive AI Can Disarm Cybersecurity - Security Boulevard
- Demystifying SSD Security - Security Boulevard
- Can Managed Security Keep Businesses Safer? - Security Boulevard
- Growing Up With Computers | Hackaday
- The Other First Computer: Konrad Zuse And The Z3 | Hackaday
- Linux Fu: Databases Are Next-Level File Systems | Hackaday
- Don't look away - Open Canada
- Professional Certifications, Reboot! - Security Boulevard
- Achieving PCI DSS Compliant Firewalls within a Small Business - Security Boulevard
- Discarded Plastic Laser-Cut And Reassembled | Hackaday
- USB Rechargeable LiPo Pack for Original Gameboy | Hackaday.io
- DIY Fume Extractor Keeps Air Clean While You Solder | Hackaday
- The Story Behind Ohm’s Law | Hackaday
- Faulty Electrolytic Caps Don’t Always Look Bad | Hackaday
- What’s Chia, And Why Is It Eating All The Hard Drives? | Hackaday
- DIY Air Quality Sensor | Hackaday
- Throne Of Dev: An Endgame Office Chair | Hackaday
- Virginia Apgar May Have Saved Your Life | Hackaday
- How to Protect Medical Devices from Ransomware - Security Boulevard
- How to Interpret the Various Sections of the Cybersecurity Executive Order - Security Boulevard
- What is Application Security Testing and How Does it Affect Software? - ZeroNorth
- Static AppSec Testing (SAST) inspects the static source code of an application, testing the internal operations of the system, to report weaknesses in the software.
Dynamic AppSec Testing (DAST) focuses on behavioral testing of applications, which means it is based on software requirements and specifications.
Interactive AppSec Testing (IAST) tools combine the two approaches of SAST and DAST tools to find a broader range of security weaknesses and to provide important information on the root cause of vulnerabilities—including specific lines of problematic code.
Software Composition Analysis (SCA) tools help manage the use of open source components by performing automated scans of an application’s code base.
- Five Lessons from the JBS Attack for Securing the Manufacturing Supply Chain - Security Boulevard
- Lesson 1: Control Access to Ecosystem Applications
Lesson 2: Automate Identity Governance
Lesson 3: Strengthen Authentication
Lesson 4: Secure Non-Human Identities
Lesson 5: Modernize the Right Way
- How to Secure Jenkins Pipelines without the hassle - Security Boulevard
- Cybersecurity and Compliance for Healthcare Organizations
- The Perils of a Running Start: Can You Skip SOC 2 Type 1? - Security Boulevard
- Learn Ghidra from Your Home at Black Hat USA 2021
- 10 Most Common CMMC Compliance Questions | PreVeil
- Ghosts in the Machine – Looking at OT & IT Convergence
- 5 factors for evaluating an RMM tool for the modern MSP - ManageEngine Blog
- Healthcare cybersecurity: Our 6-step plan to secure healthcare data - ManageEngine Blog
- Scan for ePHI in your storage
Assess the risks associated with stored ePHI
Classify the files containing healthcare data
Audit all accesses to sensitive files
Monitor data uploads and downloads
Implement a data loss prevention (DLP) strategy
- Extending Visibility and Security to Network and Unmanaged Devices - Security Boulevard
- Sitdown with a SOC Star: 11 Questions With Siobhan Kelleher of Boston College - Siemplify
- Siobhan Kelleher
- Server Side Scans and File Integrity Monitoring
- 10 Things You Might Not Know About Cyber Essentials - Security Boulevard
- Four compliance considerations for government bidding | Entrust Blog
- 81% of Developers at Large Organizations Admit to Knowingly Releasing Vulnerable Applications - Security Boulevard
- How to Clear RAM Memory Cache, Buffer, and Swap on Linux
- #Clear PageCache only.
sync; echo 1 > /proc/sys/vm/drop_caches
#Clear dentries and inodes.
sync; echo 2 > /proc/sys/vm/drop_caches
#Clear pagecache, dentries, and inodes.
sync; echo 3 > /proc/sys/vm/drop_caches
- Subplot 0.2.2 released—acceptance testing tool
- My Pi-Hole Setup · vNinja.net
- Human Resources, Part 2 - Source Defense
- Randy Paszek
- Human Resources, Part 1 - Source Defense
- Oracle Auditing Part 1: Standard Auditing - Security Boulevard
- 5 Signs It’s Time for A Web Application Penetration Test - Security Boulevard
- Your System/ Service Is Going Live/ Into Production
You Have Made Significant Changes to Infrastructure/ Web Applications
Significant changes to the infrastructure or web applications include:
installation of new software/ infrastructure/ applications
modifications to code
old software being decommissioned
new third-party services onboarded
new physical office sites being added to the network
physical office relocation
introduction of new IoT devices into the system
network equipment changes, etc.
You Have Applied Security Patches
You Have Modified Policies
Your Industry Is Being Regularly Targeted
- Confidential Computing Consortium Adds End User Advisory Council - Security Boulevard
- Confidential Computing Consortium - Open Source Community
- Securing Single-Page Web Applications - Security Boulevard
- Evaluating XDR Against EDR, SIEM and SOAR Solutions - Security Boulevard
- Solarize your Home Lab, and your Home
- Understanding the Fundamentals of Cybersecurity Frameworks | Axio
- CMMC is not as scary as you think | Entrust Blog
- The Truth About Zero-day Vulnerabilities in Web Application Security | Indusface Blog
- The Top Three Weaknesses in Healthcare Cybersecurity - Security Boulevard
- Phishing Is a Rising Threat to Healthcare
Patient Portal Defenses Pose Major Cybersecurity Issues
Healthcare Browser Use Is Still a Serious Concern
- 5 Steps in Your CMMC Compliance Checklist | Apptega - Security Boulevard
- 1. Assess Your CUI
2. Leverage Other Federal Frameworks
3. Read the CMMC Appendices and Assessment Guides
4. Complete NIST Special Publication 800-171
5. Find the Right Partners
- New Age Network Detection: Introduction - Security Boulevard
- There is a lot to unpack there. What kind of actions should you be taking?
Shorter term: We’re particularly guilty of overestimating progress because most of the work we do is cloud security assessment and architecture, forcing us to live in the future. Yet, the cloud still makes up a tiny percentage of total workloads. Sure it’s growing fast, probably faster than anything we’ve seen from a technology disruption standpoint. But all the same, it will be years before corporate data centers are not a thing, and we don’t need those enterprise networks anymore. So we’ve got to continue protecting the existing networks, which continue to get faster and more encrypted, complicating detection.
Longer term: If we have underestimated progress over the next decade, that’s nuts since we’ve been pretty clear that how we build, deploy and manage technology will be fundamentally different over that period. If we step into the time machine and go back ten years, the progress is pretty incredible. For security, the APT was just getting started. Ransomware wasn’t a thing. AWS was in its early days, and Azure and GCP weren’t things. That means we need to ensure flexibility and agility in detecting attackers on a mostly cloud-based network, as progress doesn’t just apply to the defenders. Attackers will likewise discover and weaponize new techniques.
- Building a complete network security checklist - ManageEngine Blog
- SOC 2 Admin and Control Owner Responsibilities — and Tips for Passing an Audit - JumpCloud
- Three Steps to Meet Digital Healthcare Challenges in the Post-Pandemic Era - Security Boulevard
- With cybersecurity and digital experience at the forefront, I and my Accenture colleagues consistently hear healthcare leaders asking the following questions:
How do I know that the person online is who they say they are?
How do I protect my organization, yet make it frictionless for users to interact with us?
How do I allow my employees to do their work from home, yet still protect them and our organization’s assets?
What’s the fastest path to achieving the safety and security of sensitive patient data while meeting consumer (patient/member) experience demands?
Step One: Align Healthcare IT, Digital Experience Stakeholders, and Industry Experts
Step Two: Modernize IAM for Security and Experience on Your Terms
Step Three: Layer AI and ML On Top of Your Current Investments
- Ransomware Reshapes Health Care Security Landscape - Security Boulevard
- zations should also monitor all privileged accounts and critical systems for unusual behavior and educate users on typical phishing attacks, which are often a source of ransomware,” Dunne said. “In terms of preventing damage once ransomware has found its way on the network, security leaders should be putting into place practices and procedures related to backing up infrastructure from storage.”
- Acunetix introduces software composition analysis (SCA) | Acunetix
- ISO 27001 Certification Project Implementation Plan | Hyperproof
- 1. Secure executive buy-in in the beginning.
2. Hire an outside expert to conduct a gap analysis if you’re not familiar with ISO 27001 or comparable security compliance frameworks.
3. Appoint a project leader.
4. Be careful about scoping the ISMS.
5. Establish a risk management framework that meets the requirements of ISO 27001.
6. Break down control implementation work into smaller pieces. Use a visual project management tool to keep the project on track.
7. Map existing controls to ISO 27001 requirements.
8. Document things as you go so preparing the Risk Treatment Plan and Statement of Applicability (SoA) take less effort.
9. Consider scheduling multiple audits at the same time.
10. Use a compliance operations platform
- Analysis of 100 Data Breaches: Part 2, What are the root causes of breaches?
- Lessons Learned from 100 Data Breaches: Part 1, What Specific Types of Data Get Stolen?
- Lessons Learned from 100 Data Breaches: Part 3, Securing Public Cloud Services
- Introducing Student LogWars — A LogRhythm EDU Partnership Program | LogRhythm
- What’s new in v8 of the CIS Controls from the Center for Internet Security
- CISOs Say Application Security is Broken - Security Boulevard
- Designing and Building a Security Architecture - Security Boulevard
- Conceptual views focus on the business perspective for non-technical audiences.
Logical views dig into process, technology and people for business process owners.
Physical views describe the IT infrastructure for subject matter experts.
- Bell Labs, the Colonial Pipeline and Multi-Factor Authentication (MFA) - Security Boulevard
- 5 Tips and Tricks for Improving Cloud Native Security
- White House Cyber Memo Long Overdue for Business Executives | Axio
- A SOC Tried To Detect Threats in the Cloud … Your Won’t Believe What Happened Next - Security Boulevard
- Here, we wanted to quickly summarize some of the challenges, covering the usual range of people, tools, and processes:
Uncommon log collection methods (compared to on-premise systems). Cloud providers haven’t necessarily simplified this journey for customers, even though, compared to 2012, decent logs actually exist today in many cases.
Telemetry data volumes may be high (especially from all those web-facing production systems); this has sometimes led to “log fragmentation” where cloud logs never make it to a SIEM, but are left to rot in some storage buckets in the cloud.
Egress costs are there sometimes, especially if you want to move the logs from one cloud to another for analysis.
Alien licensing models for security tools (compared to on-premise), some teams can’t afford what they used to be able to afford on-premise or they can’t afford a new cloud-native tool in addition to the on-premise tool they already have.
Alien detection context — instances, containers, microservices, etc — has confused many teams born and raised on server names and IP addresses for context. This topic is big enough to be explored in a dedicated post later.
Lack of clarity on cloud detection use cases is there despite useful resources like ATT&CK Cloud. Sadly, cloud providers haven’t necessarily simplified this journey for customers either, and many traditional SOC teams are not sure what to detect in the environments that their business is using today (“is this container access bad?”).
Also, there is a lot of cloud; this means governance sprawl causes visibility gaps for the SOC. Examples include shadow IT (“BYOCloud” and SaaS purchased by departments) as well as other cloud sprawl (that is why people are reaching for all those novel attack surface management tools; this should help).
SOC teams lacking cloud skill in general; complex public/hybrid/multi — cloud scenarios require more extensive knowledge of various technologies, their security implications, diverse (and alien) data sources, while SOC teams are too busy doing D&R to grow their cloud skills.
For those organizations trying to stick to old on-premise tools many other challenges abound; tools don’t support many cloud telemetry sources — they lack collection machinery, parsing/analysis, use cases, useful visuals, etc. Also, log support is often not done at “cloud speed.”
Lack of input from SOCs into cloud decisions, ranging from provider choices to IT architecture (and even security architecture). Frankly, many SOC teams are too busy and too focused on threats and don’t have a dedicated headcount focused on preparing their organization for the cloud change …
- Ransomware Detection and Mitigation Strategies in OT/ICS Environments | LogRhythm
- Additional information for your zone configuration. | blog.moellenkamp.org/c0t0d0s0.org
- International Verify Your Backups Day - TidBITS
- CMMC-AB |
- Checklist for a successful network segmentation within a Health System - Forescout
- Five simple steps towards segmentation
1. Establish visibility
2. Classify
3. Visualize baseline traffic
4. Design and simulate
5. Monitor and respond
- Overcoming Compliance Issues in Cloud Computing
- DTEX C-InT Brief: Up to 60% of Employees Research or Trade Cryptocurrency on Corporate Devices - Dtex Systems Inc
- A Road to a Consistent Encryption Strategy | Entrust Blog
- 4 Ways CISOs Can Strengthen Their Security Resilience
- Increase Situational Awareness
Secure Workloads & Kubernetes Environments
Track Identities on the Move
Activate Your Threat Hunting Program
- 3 Common Cybersecurity Threats Must Worry About | Indusface Blog
- Phishing
Ransomware Attacks
Insider Threats
- Packet Captures in the Age of TLS - Security Boulevard
- A Logging History Lesson – From syslogd(8) to XDR - Security Boulevard
- Getting Ahead of Mandatory Cybersecurity Guidelines for Critical Industries - Ericom Blog
- New Requirements for Pipeline Companies
On May 28, 2021, TSA issued Security Directive Pipeline-2021-01. See the directive for details; in general, the new regulations include:
Companies must designate a Cybersecurity Coordinator who is to be available 24×7.
Cybersecurity incidents must be reported to CISA (Cybersecurity and Infrastructure Security Agency).
Companies will be required to review their cybersecurity measures and identify any gaps.
Identify remediation measures to address cyber-risks.
Report the results to TSA and CISA within 30 days.
- What are the keys to a successful cybersecurity strategy? Our CEO Ran Shahor Explains All - HolistiCyber
- So, the idea is to be better protected compared to others in your business environment, to be more efficient and optimize your cyber security defense budget.
They don’t look at the whole picture of the business environment, the main viable threats and come up with a relevant strategy. Building a cyber security strategy is the most cost efficient and secure way of moving forward.
One of the first challenges I encountered was when I needed to establish the division of the attack teams in the Israeli Military. This was at a time when the world was in the exceedingly early stages of public internet and mobile phone usage.
instead of doing what everybody else is doing, to offer a different, fresh, and effective approach
- How to Relieve Vendor Risk Assessment Headaches: Tips | Hyperproof
- Challenge #1: Maintaining an up-to-date list of vendors
Challenge #2: Developing a security questionnaire that generates meaningful insights about a vendor’s risk profile
Challenge #3: Managing remediation projects and monitoring vendors after on-boarding
Challenge #4: Providing proof of your vendor risk management activities for compliance purposes
- Why Now: How CyberSaint is Making Automated Risk Assessments Possible with NLP - Security Boulevard
- How to Pitch Your CFO on Automated Security Control Validation - AttackIQ
- Three Ransomware Attacks that Upped the Ante - Security Boulevard
- Installing Acunetix on Docker | Acunetix
- A Guide To Automated Continuous Security Testing - Security Boulevard
- Why Food and Agriculture Need to Accelerate Security Measures in the Second Half of 2021 - Security Boulevard
- Michelin Drives Sustainable Mobility Using Data and DevOps - Security Boulevard
- How to Build a Cybersecurity Culture - Security Boulevard
- Top 5 Physical Security Considerations - Security Boulevard
- Connecting RaaS, REvil, Kaseya and your security posture - Security Boulevard
- Cities Key in War on Ransomware, Neuberger Tells Mayors - Security Boulevard
- Using Fiberoptic cabling for Ethernet Networks | The Automation Blog
- Cockpit: manage ALL your servers – Marksei
- Troubleshooting Application Performance and Monitoring with Selenium
- Learn the Internet of Things with "IoT for Beginners" and Raspberry Pi - Raspberry Pi
- Collection of Raspberry Pi retro tech projects - Raspberry Pi
- Create secure code with Secure Code Bootcamp - Rule of Tech
- The Elephant in the Risk Governance Room - Security Boulevard
- Infographic - 7 Common SSL/TLS Certificate Errors and How to Avoid Them - Security Boulevard
- New Paper: “Autonomic Security Operations — 10X Transformation of the Security Operations Center” - Security Boulevard
- So, please see a tiny subset of my favorite quotes from our paper:
“Autonomic Security Operations is a combination of philosophies, practices, and tools that improve an organization’s ability to withstand security attacks through an adaptive, agile, and highly automated approach to threat management. “
“An unfortunate common theme of many cloud transformations is that the SOC requirements get deprioritized when organizations have tight timelines and budgets to drive their teams to the cloud. The reason being, most SOC teams are too busy fighting fires and don’t have the spare cycles to focus on adapting their use cases to cloud workloads and modernizing their own infrastructure.”
“To be 10 times more effective with the people component, your SOC cannot achieve this by increasing the personnel by a factor of 10. As of today, both threats and technology resources that need effective security are increasing at a much faster pace than people entering the workforce. […] It is absolutely impossible for most organizations to 10x their headcount in a SOC.”
”At Google and across other industry-leading security operations teams, the role of an analyst is not simply to manage cases and perform tier-1 level work. Analysts are engineers, architects, project managers, and are empowered to be leaders of their subject matter focus. At such a SOC, the concept of Level 1 to Level 3 analysts is a thing of the past, rather, you should organize teams based on aligning skills to the use cases that fall under their purview.”
“The SOC can only truly be 10X and transformative if it also has strong influence over the upstream elements of the security lifecycle. You can make a significant impact on the amount of alerts that get into your SOC if your team has a strong integration with your DevOps practice. A deep understanding of how infrastructure and applications are securely built, deployed, and managed across your organization paired with your ability to influence this design can only improve your ability to catch attackers at their earliest onset, or even better, prevent them from getting in entirely.”
- Case Study: High Security Architecture for Healthcare Networks - Security Boulevard
- Best practices for IT teams to prevent ransomware attacks - Help Net Security
- To My Fellow CEOs: Cyber Security is Your Business Too! - Kratikal Blogs
- A Security Checklist for Your Startup - JumpCloud
- How Different Personality Types Cope with an Always-On Culture
- Focus their attention on the outside world of people and things (extraversion) or on their inner world of thoughts and feelings (introversion)
Trust and use information on the basis of experience and the evidence of their five senses (sensing) or consider the future and how things connect to form a big picture (intuition)
Make decisions on the basis of objective logic (thinking) or on the basis of their values and how the decision will affect people (feeling)
Live in a more structured, organized way (judging) or in a more flexible, spontaneous way (perceiving)
1. Create time and space to switch off.
2. Beware of information overload.
3. Create boundaries.
4. Find a work/life balance that suits you.
- How purple team operations helped defend the Pentagon - and can help your security team today. - AttackIQ
- Sitdown with a SOC Star: 13 Questions With Axel Schulz of the University of Toronto - Siemplify
- Still love the shared SOC concept.
- What to Consider When Crafting Your OSS Policy
- How To Clean Up Your Digital Footprint | Avast - Security Boulevard
- What to Know Before Your Business Moves to the Cloud - Security Boulevard
- Top 10 Tips to Fight OWASP Top 10 Vulnerabilities | Indusface Blog
- #1 Take a Zero-Trust Approach to Security
#2 Use a Next-Gen, Intuitive and Managed Web Application Firewall (WAF)
#3 Implement a Strong Password Policy and Multi-factor Authentication
#4 Encrypt all Sensitive Data
#5 Establish Proper Access Controls
#6 Input Validation is Critical
#7 Maintain High Standards of Cyber Hygiene
#8 Establish Effective Logging and Monitoring
#9 Regular Scanning, Audits and Pen-Tests
#10 Follow Secure Coding Practices
- Practical solutions for a secure automotive software development process following ISO/SAE 21434 | Synopsys
- ISO/SAE 21434
- Cloud (in)security: Avoiding common cloud misconfigurations
- R - Restrict Access by Least Privilege
E - Encrypt All Data At rest & Flight
D - Disable Cloud Resources That Are Not Needed
P - Prevent Access to Privileged Accounts
E - Ensure Encryption Keys are Rotated
N - Need NDR and HBM for 100% visibility into Layer 2 & 3
- An incomplete list of skills senior engineers need, beyond coding | by Camille Fournier | Medium
- Computer Security and Data Privacy, the perfect allianceSecurity Affairs
- The True Meaning of Technical Debt 💸 - by Luca Rossi - Refactoring
- He talks of disagreement between business needs and how the software has been written.
But how do we land to such disagreement? In my experience, there are two offenders:
🎨 Wrong Design — what we built was wrong from the start!
🏃 Rapid Evolution — we built the right thing, but the landscape changed quickly and made it obsolete.
- New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installsSecurity Affairs
- Dutch police arrested 2 people for the illegal sale of COVID-19 patient dataSecurity Affairs
- President Biden's Peloton exercise equipment under scrutinySecurity Affairs
- The 10 Best Practices for Remote Software Engineering | Opinion | Communications of the ACM
- Work on Things You Care About.
Define Goals for Yourself.
Define Productivity for Yourself.
Establish Routine and Environment.
Take Responsibility for Your Work.
Take Responsibility for Human Connection.
Practice Empathetic Review
Have Self-Compassion.
Learn to Say Yes, No, and Not Anymore.
Choose Correct Communication Channels.
- Modern Javascript: Everything you missed over the last 10 years by Sandro Turriate
- The UI & UX Tips Collection: Volume Two. | Marc Andrew
- GitHub - lirantal/awesome-nodejs-security: Awesome Node.js Security resources
- How to Handle Secrets on the Command Line
- Uncomplicate Security for developers using Reference Architectures | Medium
- Educating young people in AI, machine learning, and data science: new seminar series - Raspberry Pi
- MicroK8s: getting started with Kubernetes – Marksei
- Best Practices For Social Media Security
- Five Great Reads on eDiscovery for April 2021
- Microsoft 365 Security Best Practice – 10 Ways To Secure Your Microsoft 365
- PowerShell Event Log Mining • The Lonely Administrator
- Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021 - Security Boulevard
- Culture is Defined by the Worst Behavior Tolerated
- Java mon amour: AppDynamics presentation
- Ryobi battery won't charge? Two possible fixes - The Silicon Underground
- g enough for the good battery to transfer sufficient charge to the flat battery. Disconnect the wires, then put the flat battery in your charger to see if they get along now. If not, you can probably guess what’s next. Try every Ryobi charger you own. And if none of them want to play, you can try jump starting the battery again for another five minutes, but if the second jump start isn’t successful, the battery is probably too far gone.
- OODA Loop - Mitigating Cyber Risk In An Age of Continuous Crisis
- Linked: 1 in 4 employees say they still have access to accounts from past jobs, survey finds
- Josef “Jeff” Sipek » Explicit, Automatic, Magical, and Manual
- explicit & automatic = good
magical & manual = bad
Avoid Magical Behavior
Error Out when Uncertain
Provide Interfaces and Tools
Create Low-level Primitives
Avoid Commitment
Be Consistent
- Some notes on PWM on the Raspberry Pi · The Odd Bit
- Ansible for Infrastructure Testing · The Odd Bit
- Stupid Ansible Tricks: Running a role from the command line · The Odd Bit
- Defense Cybersecurity: Defense Logistics Agency Needs to Address Risk Management Deficiencies in Inventory Systems | U.S. GAO
- Cybersecurity: Federal Agencies Need to Implement Recommendations to Manage Supply Chain Risks | U.S. GAO
- Cyber Insurance: Insurers and Policyholders Face Challenges in an Evolving Market | U.S. GAO
- Software Development: DOD Faces Risks and Challenges in Implementing Modern Approaches and Addressing Cybersecurity Practices | U.S. GAO
- Cybersecurity and Information Technology: Federal Agencies Need to Strengthen Efforts to Address High-Risk Areas | U.S. GAO
- Cybersecurity: HHS Defined Roles and Responsibilities, but Can Further Improve Collaboration | U.S. GAO
- DIY air quality monitor – Dangerous Prototypes
- How to be a #DailyLearner | Don Jones
- Razor Tooth Pruning Saw | Cool Tools
- US healthcare: hazardous to your health – Countries Beginning with I
- Remote work: In any multinational, someone is always remote – Countries Beginning with I
- Improving the Deployment Experience of a Ten-Year Old Application - Code as Craft
- Prime Minister Boris Johnson wants to enhance UK cyber capabilitiesSecurity Affairs
- Data Breaches Tracker monitor unsecured ElasticSearch servers onlineSecurity Affairs
- Deploy SQL Server – The Ansible way! - Microsoft Tech Community
- .
- Kitchen Cleaning Hacks | Kitchn
- NPR : National Public Radio
- from Cool Tools
- Step by Step Guide to Setup LDAPS on Windows Server - Microsoft Tech Community
- Stain Devils | Cool Tools
- Increasing experimentation accuracy and speed by using control variates - Code as Craft
- CUPED
- Dedupe, or not dedupe – that is the question | Tony Yan
- WINTRIAGE: THE TRIAGE TOOL FOR WINDOWS DFIRERSSecurity Affairs
- Books With a Purpose That Can Help Shape Your Child’s Future | Penniless Parenting
- What Will Cybersecurity Look Like Over the Next Five Years? - Security Boulevard
- Top 20 Problems FIM Can Help Solve Part 1
- 1. SECURITY RISKS INCLUDING ZERO-DAY THREATS
2. 24x7 SITUATIONAL AWARENESS
3. CONCEPT OF "ZERO TRUST" SECURITY
4. INSIDER THREATS
5. SKILLS GAP
6. STAFF OVERLOADED
7. NETWORK NOT RESILIENT
- Essential Protection for Legacy Applications – Part 1 - Security Boulevard
- Microsoft is open sourcing CyberBattleSim SimulatorSecurity Affairs
- Six Terms to Up Your IoT Vocabulary - Security Boulevard
- Things: This is the “T” in IoT. It refers to any device, process, or machine that becomes part of the infrastructure or your organization and needs to be managed. The term is casually used in conversation, as in: “How many things do we have operating on our network?”
RPA: This acronym spells out Robotic Process Automation, which is the ability of a machine to consistently and repeatedly perform a pre-programmed task. Think of it as a claims agent process for an insurance company that can automate inputting claims faster and with fewer errors – far exceeding human capabilities. The next iteration of RPA involves artificial intelligence (AI), which moves RPA out of the static, rule-based arena and into self-driving IoT intelligence.
Identity of Things (IDoT): This term refers to identifying, registering, and managing the full lifecycle of all the “Things” in your domain, just like you do human identities. This term is sometimes derisively referred to as ‘IDIOT’, but there is nothing dumb about IDoT. In fact, it’s likely the future of IoT.
IoT IAM: This acronym is equivalent to the Internet of Things Identity and Access Management. That’s a mouthful, but just like IDoT, it’s another way to reference managing the full lifecycle of IoT devices on your network – when they join, move, and leave.
IIoT: This is the Industrial Internet of Things and refers to devices used in an industrial or manufacturing environment. Examples include valves, sensors, and instruments used to efficiently and safely run a factory. Another term to represent this is Industry 4.0.
Device posture: This is an endpoint security capability that proactively checks whether a device is in a fully secured state as a condition for allowing the device onto the network. If it still has a factory password or it does not have a proper certificate, it’s likely not getting on your network.
- Why Do Ransomware Attacks Keep Happening | Digital Defense, Inc.
- 1. Popular Ransomware Vectors are Nearly Impossible to Close.
2. Paying the Ransom Incentivizes Attackers.
3. Ransomware Attacks are Increasing and Evolving.
4.What Can Be Done to Reduce Ransomware Risk?
- Free Active Directory - 10 Users Free with JumpCloud - JumpCloud
- (1) New Message!
- three things to keep in mind about the shared responsibility model:
Although it may seem equal on paper and in visuals, a significant amount of responsibility, implementation and attack surface defense (?) is still on the customer. Don’t underestimate the time and resources you’ll need to invest for each cloud deployment — including any necessary training to bring your team up to speed.
Certain audit and compliance categories (control families) are made easier by shifting to the cloud via inherited controls from the cloud provider. Inherited controls can include patch management and configuration management and can translate to noticeable cost savings. While your infosec team should drive this strategy, it’s important to engage with other key groups in your organization, particularly the governance, risk and compliance (GRC) and legal departments. The internal audit team can prove especially helpful here. According to a 2018 Deloitte report, “while an organization’s information security group can build cloud monitoring capabilities, [the internal audit team] can assist and assess the effectiveness of the control environment and prevent the IT department being left out of the loop.”
Don’t assume the cloud provider holds sole liability in the event of a breach. Even if a scenario were to happen where the cloud provider was found to be at fault, the fallout would still potentially extend to your customers and your organization could be named in and class action lawsuits. In many jurisdictions, legal liability falls to the data owner (ie. the organization using the cloud services) rather than the CSP itself. In short, don’t be complacent. Paying attention to your role in the shared responsibility model can do more than keep your data secure; it can protect your organization in the event of a lawsuit.
- Demystifying the 18 Checks for Secure Scorecards - Security Boulevard
- SHOCKER: Senate Says Security Sucks—Still - Security Boulevard
- Elevating Web App Security to a National Priority - Security Boulevard
- Why Your Code Is A Graph. Graph structures and how they are used… | by Vickie Li | Jun, 2021 | ShiftLeft Blog
- The Software Bill of Materials and Software Development - Security Boulevard
- Why It's Critical For the Healthcare Sector to Reassess their Cybersecurity Posture
- HIPAA Penetration Testing - A Primer for Healthcare Security - Virtue Security
- For Hackers, APIs are Low-Hanging Fruit - Security Boulevard
- The time to prepare for CMMC is now – what we learned from Coalfire - Security Boulevard
- Closing the Developer Security Skills Gap | by Vickie Li | ShiftLeft Blog
- Cybersecurity report: Average household hit with 104 threats each month - TechRepublic
- Average household hit with 104 threats each month
- 5 building blocks of a well-developed security culture - TechRepublic
- How to develop a security culture
As to what a well-developed security culture consists of, Malik suggests the following building blocks are needed:
Compliance: Written security policies and the extent that employees must adhere to them.
Attitude: Individuals must develop a mindset--learned opinions reflecting the organization's security protocols--on what to do or say.
Behavior: When the time comes, employees must act or make decisions based on their learned opinions.
Cognition: Attitude and behavior are meaningless unless there is an understanding, knowledge, and awareness of security threats and issues.
Communication: Cybercriminal activity is not static, there must be methodology to share security-related information in a timely manner.
Malik warns, "All of these dimensions are inextricably interlinked; should one falter so too would the others."
- Beating the OWASP Benchmark. Achieving a best-in-class OWASP… | by Vickie Li | ShiftLeft Blog
- Intro to the Content Security Policy (CSP) | by Vickie Li | ShiftLeft Blog
- Managing Open Source Vulnerabilities | by Vickie Li | ShiftLeft Blog
- Application Security for builders and creators — part 2 | by Prabhu Subramanian | ShiftLeft Blog
- Application Security for builders and creators | by Prabhu Subramanian | ShiftLeft Blog
- Rashomon Effect and Product Management | by Alok Shukla | ShiftLeft Blog
- Intro to XXE Vulnerabilities: AppSec Simplified | by Vickie Li | ShiftLeft Blog
- Shifting Left : A Penetration Tester’s Journey to the Code Analysis Camp | by Vickie Li | ShiftLeft Blog
- Secure Developer Challenge May 2021 | by Vickie Li | ShiftLeft Blog
- 7 tactics for boosting the security of your APIs - TechRepublic
- Look at the traffic to your APIs
Set security standards for all APIs
Review authorization and authentication permissions
Bring the procurement team into the conversation
Do an API inventory
Invest in API tooling
Make security training for developers a priority
- Medical data security: Top 5 things to know - TechRepublic
- Container security: How to get the most out of best practices - TechRepublic
- Building a Security-First Culture | by Vickie Li | ShiftLeft Blog
- CISO Stories Podcast: Developing Secure Agile Code Quickly is Very Achievable - Security Boulevard
- Cybersecurity Insurers Are Putting an End to the ‘Pass the Buck’ Era - Security Boulevard
- How to Prevent Supply Chain Attacks by Securing DevOps | by The ShiftLeft Team | Jul, 2021 | ShiftLeft Blog
- Developer Education: Learning to Secure Code on Demand | by Katie Horne | Jul, 2021 | ShiftLeft Blog
- API Security 101: Broken Object Level Authorization | by Vickie Li | Jun, 2021 | ShiftLeft Blog
- SAST vs DAST vs SCA?. Do you know the difference? Test… | by Vickie Li | Jul, 2021 | ShiftLeft Blog
- API Security 101: Broken Function Level Authorization | by Vickie Li | Jul, 2021 | ShiftLeft Blog
- The Battle Between Linters, Scanners, and Data Flow Analysis | by Katie Horne | Jul, 2021 | ShiftLeft Blog
- API Security 101: Lack of Resources & Rate Limiting | by Vickie Li | Jul, 2021 | ShiftLeft Blog
- API Security 101: Excessive Data Exposure | by Vickie Li | Jul, 2021 | ShiftLeft Blog
- SAST vs. DAST vs. SCA: A Comparison | by Katie Horne | Jul, 2021 | ShiftLeft Blog
- API Security 101: Broken User Authentication | by Vickie Li | Jul, 2021 | ShiftLeft Blog
- Payment Security: Understanding the Four Corner Model - Security Boulevard
- Cybersecurity in Supply Chain Management, Risks to Consider - Security Boulevard
- The Growth of Vulnerability Assessment: A Look at What Nessus Offers Today - Blog | Tenable®
- More than 28,000 Nessus plugins and updates published by Tenable Research, which continues to lead the industry in CVE coverage, zero-day research and vulnerability management.
- Cyber Hygiene Essentials: What You Need to Know - Blog | Tenable®
- Cyber Hygiene Essentials: What You Need to Know
- NERC CIP-008-6: How Power Grid Operators Can Improve Their Incident Reporting
- The new NERC CIP-008-6 regulation challenges power grid operators to differentiate attempts to compromise their environment from other non-malicious cyber incidents.
- Securing Classified Telework: 3 Principles for Protecting Sensitive Data
- 1. Maintain good cyber hygiene
2. Outline vulnerability management procedures
3. Establish streamlined network visibility
- Protecting Your Cloud Assets: Where Do You Start?
- Three security challenges to address first
Your people are not talking to each other: I have seen firsthand the disconnect between the security team and the business units. As one of my IT buddies described it, "trying to work with the business groups is like walking my Yorkshire Terrier on a chilly winter morning. I pulled on the leash to go one way, my dog was pulling in the other direction because it didn't want to go along. At the end, we were both exhausted." In many companies, the security team and the cloud team operate in siloed business units. According to a recent Forrester Consulting study commissioned by Tenable, only half of the more than 400 security leaders surveyed say they work with other teams to align risk reduction objectives with business needs. When your teams are not working together, it is difficult for you to protect, control and gain visibility to your cloud assets, putting your security posture at risk.
Your business process has gaps: With an on-prem traditional network, it is relatively easy to keep track of workloads and applications. With cloud environments, it is difficult to know just how large your footprint might be. This is because non-IT functions such as marketing and developers often create (then sometimes abandon) cloud assets, making it difficult for you to have a realistic view of all your cloud inventory. For example, one organization I met with recently thought they had 2,000 cloud assets in AWS. After a discovery scan, they found close to 3,500 assets. After we investigated further, we found gaps in their business process with untagged cloud assets and lost child accounts. And this is not an uncommon finding in many organizations.
"You can't protect what you don't know about!": While this is almost a cliche, it is still very applicable when it comes to securing your cloud assets. Organizations are having a difficult time discovering and assessing ephemeral (short-lived) assets in dynamic cloud environments. According to the Forrester study, only 44% of more than 800 security and business leaders surveyed say their security team has good visibility into their organization's most critical assets. Yet, even when assets are discovered, Tenable's own research shows that only 20% of them are actually assessed for exposures. Why? Because the traditional method of vulnerability management for the cloud is difficult and time consuming. Scanners and agents need to be installed and new vulnerability detections can lag for several weeks. In short, traditional IT security is no match for the speed of the cloud.
- Free Certificate for IIS with Let’s Encrypt | PeteNetLive
- Hacking a X-RAY Machine with WHIDelite & EvilCrowRFSecurity Affairs
- PostgreSQL: Documentation: 9.1: SQL Dump
- Script to Collect Hardware Inventory Data
- Senate report warns of glaring cybersecurity holes at federal agencies | Engadget
- Telegraf / InfluxDB / Grafana | Nelson's log
- Using PowerCLI to Update ESXi License - Notes of a scripter
- HOWTO: Configure Accurate Time in Active Directory - The things that are better left unspoken
- Packet drop issue on HP Gen 9 \ Gen 10 servers running ESXi6.7. | Techbrainblog
- AxiDraw V3
- So where have I been? - Stuart Moore
- Lots of performance issues have become apparent when they aren’t being masked by a good fast network.
- My Grafana / Starlink setup | Nelson's log
- acme.sh – Stuff I'm Up To
- Fire Damages WebNX Utah Datacenter, Causes Extended Outage - LowEndBox
- Incremental Remote Backups Using rsnapshot - LowEndBox
- Twenty Years - Thomas LaRock
- Running Systems » Blog Archive » Better iostat visibility of ZFS vdevs
- USBGuard – Stuff I'm Up To
- Cloning with GParted – Stuff I'm Up To
- Outage at Akamai Takes Down Major Internet Sites - LowEndBox
- LUKS Encryption and LVM – Stuff I'm Up To
- New In Nessus: Find and Fix These 10 Active Directory Misconfigurations - Blog | Tenable®
- Oracle July 2021 Critical Patch Update Addresses 231 CVEs - Blog | Tenable®
- Focus on the Fundamentals: 6 Steps to Defend Against Ransomware - Blog | Tenable®
-
Scan often, scan everything
Harden AD to protect your crown jewels
De-escalate privilege escalation
Prioritize using prediction
Remediate like your organization depends upon it
Measure to improve your game
- The Top 5 Active Directory Misconfigurations Putting Your Organization at Risk - Blog | Tenable®
- Attack Detection Fundamentals 2021: Azure - Lab #2
- Attack Detection Fundamentals 2021: Azure - Lab #1
- Attack Detection Fundamentals 2021: AWS - Lab #3
- Attack Detection Fundamentals 2021: AWS - Lab #2
- Attack Detection Fundamentals 2021: AWS - Lab #1
- Data poisoning in action
- An MSP and SMB guide to disaster preparation, recovery and remediation | Webroot
- Key questions
Who will be involved in recovery and communication when your DR plan is in action?
How much downtime can your organization withstand?
What service level agreement (SLA) do we need to provide to the business and users?
What users do we need to recover first?
What tools do we have to reduce risk and downtime within the environment?
How are user networks separated from operational or business networks?
How quickly can data protection tools get us up and running again?
Can users get their data back if an endpoint device is compromised?
Can we determine when the ransomware first hit the network or endpoint devices?
Are we able to stop the proliferation of ransomware or malware throughout the network?
Can we recover quickly to a specific point in time?
Can our users access their data from the cloud before it has been restored?
- Raspi-config's mostly undocumented non-interactive mode | Logan Marchione
- Homelab 10" mini-rack | Logan Marchione
- 5 Tips to get Better Efficacy out of Your IT Security Stack | Webroot
- Here are our top 5 tips for getting the best possible efficacy out of your IT security stack.
1. Partner with solution vendors who can guide you to the right setup.
2. Trust your tools, but make sure you’re using them wisely.
3. Consider whether EDR/MDR/ADR is right for you.
4. Lock down common security gaps.
5. Train your end users to avoid security risks.
- IBM Cost of a Data Breach study: Cost of a Data Breach hits record high during pandemicSecurity Affairs
- Infrastructure Hygiene: Fixing Vulnerabilities
- Learning In Public Helps Everyone — Ethan Banks
- If You Haven’t Checked Your Backups, They Probably Aren’t Working — Ethan Banks
- Free Networking Lab Images From Arista, Cisco, nVidia (Cumulus) — Ethan Banks
- A few HTTP Status Codes for the Vulgar-Minded – Jon Spraggins
- Best practices to backup VMware vSphere Virtual Machines - ITSMDaily.com
- 13 Stages of IT Burnout | KC's Blog
- How they swindle $100K without blinking an eye - Forensic Analysis of a BEC (Business Email Compromise) (III) - Security Art Work
- How they swindle $100K without blinking an eye - Forensic Analysis of a BEC (Business Email Compromise) (II) - Security Art Work
- How they swindle $100K without blinking an eye - Forensic Analysis of a BEC (Business Email Compromise) (I) - Security Art Work
- Matt Ventura's blog » Blog Archive » Homegrown ZFS-based Cloud Backup
- Oracle fixes critical RCE vulnerabilities in Weblogic ServerSecurity Affairs
- What Real Security and Compliance Look like when Managing 5000+ Endpoints | Webroot
- Ransomware ate my network (IV) - Security Art Work
- Ransomware ate my network (III) - Security Art Work
- Ransomware ate my network (II) - Security Art Work
- Ransomware ate my network (I) - Security Art Work
- Pentagon believes its precognitive AI can predict events 'days in advance' | Engadget
- Colorado Passes Consumer Privacy Law - Schneier on Security
- Disrupting Ransomware by Disrupting Bitcoin - Schneier on Security
- Candiru: Another Cyberweapons Arms Manufacturer - Schneier on Security
- The Real Reason Why Executives Ignore Security Priorities | Pivot Point Security
- What Objective Evidence Will You Need for Your CMMC Assessment? | Pivot Point Security
- Everything You Need to Know about NGINX Logs
- Troubleshoot ethernet cable wires without a Cable Tester using a Cisco Switch and the TDR Command – jasoncoltrin.com
- HOWTO: Calculate Elapsed Business Hours Using PowerShell – Please Work
- How to Backup (and Restore) Your Ubuntu Computer
- The Attention Economy And The IT Talent Dearth — Ethan Banks
- Freeze Your Credit Reports Before Identity Thieves Open Credit In Your Name — Ethan Banks
- ll three credit reporting agencies–Experian, TransUnion, and Equifax–allow you to place a freeze on the credit reporting data they gather. This means that hard inquiries will fail, making it highly unlikely that a lend
- What Makes A Senior IT Engineer “Senior”? — Ethan Banks
- Data-Driven Customer Lifetime Value
- E-Commerce is Dead, Long Live A-Commerce
- How to connect to a Windows Internal Database WID such as WSUS – Dimitri's Wanderings
- Data Quality Doesn't Matter
- Don’t super glue heatsinks to your Raspberry Pi
- Download Microsoft Security Compliance Toolkit 1.0 from Official Microsoft Download Center
- Raspberry Pi h̶e̶a̶t̶s̶i̶n̶k and case fan continued
- RemotePotato0: Privilege Escalation Vulnerability in Windows RPC Protocol | Born's Tech and Windows World
- RemotePotato0
- Expand the existing Swapfile on Linux » Cyberfella LIMITED
- Solid state drive/NVMe - ArchWiki
- The Kaseya Attack: What We Know Now – Risk Based Security
- Ballpark Costs for a CMMC Level 3 Assessment | Pivot Point Security
- WireGuard: very simple setup | Nelson's log
- Windows “PetitPotam” network attack – how to protect against it – Naked Security
- The Code Red worm 20 years on – what have we learned? – Naked Security
- CSI_SECURING_WIRELESS_DEVICES_IN_PUBLIC.PDF
- Amazon faces $888M GDPR fine
- Ransomware attacks leave organisations ‘barely able to keep up’
- PlugwalkJoe Does the Perp Walk – Krebs on Security
- PlugwalkJoe
- CSIRT-Collect - PowerShell Script To Collect Memory And (Triage) Disk Forensics
- Reconmap - VAPT (Vulnerability Assessment And Penetration Testing) Automation And Reporting Platform
- HOWTO: Force (really) WSUS Clients to Check in on Demand – Please Work
- Function Force-WSUSCheckin($Computer)
{
Invoke-Command -computername $Computer -scriptblock { Start-Service wuauserv -Verbose }
# Have to use psexec with the -s parameter as otherwise we receive an "Access denied" message loading the comobject
$Cmd = '$updateSession = new-object -com "Microsoft.Update.Session";$updates=$updateSession.CreateupdateSearcher().Search($criteria).Updates'
& c:\bin\psexec.exe -s \\$Computer powershell.exe -command $Cmd
Write-host "Waiting 10 seconds for SyncUpdates webservice to complete to add to the wuauserv queue so that it can be reported on"
Start-sleep -seconds 10
Invoke-Command -computername $Computer -scriptblock
{
# Now that the system is told it CAN report in, run every permutation of commands to actually trigger the report in operation
wuauclt /detectnow
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
wuauclt /reportnow
c:\windows\system32\UsoClient.exe startscan
}
}
- HOWTO: Backup and View All Contents of an Android Device – Please Work
- How to install Tiny Tiny RSS on Debian 10 · GitHub
- Phishing Attack: Clinic Says 450,000 May Have Been Affected
- Insurer: Size of Claims Paid for Ransomware Attacks Declines
- Ace of Spades: Assassination of UN Secretary-General Dag Hammarskjöld | flyingpenguin
- DagHammarskjöld
- APT group hits IIS web servers with deserialization flaws and memory-resident malware | CSO Online
- 10 security tools all remote employees should have | CSO Online
- 10 top security tools for remote workers
Cybersecurity training
Digital wallets
Credit/digital identity monitoring
Password managers
Two-factor tokens
Antimalware software
VPN services
Backup solutions
Privacy screens
Laptops, phones, network hardware
- 8 Security Tools to be Unveiled at Black Hat USA
- Scrapesy
Blue Pigeon
Mushikago
PackageDNA
PurpleSharp 2.0
Git Wild Hunt
SimpleRisk
Cloud Sniper
- Biden memo, infrastructure deal deliver cybersecurity performance goals and money | CSO Online
- How to Phish for User Passwords with PowerShell - Black Hills Information Security
- 6 ways to develop a security culture in your organization
- 1. Instill the concept that security belongs to everyone
2. Focus on awareness and beyond
3. If you do not have a secure development lifecycle, get one now
4. Reward and recognize those people that do the right thing for security
5. Build security community
6. Make security fun and engaging
- Running FIPS 140 workloads on Ubuntu | Ubuntu
- Over 100 warship locations have been faked in one year | Engadget
- S11.4CS: General Administration - Packaging | blog.moellenkamp.org/c0t0d0s0.org
- 7 Foundations of OSINT – We are OSINTCurio.us
- 1. Curiosity
2. Diligence
3. Analytic and Intelligence Framework
4. Community and Networking
5. Technique and Tools
6. Ethics and Verification
7. Communication
- How to Repair Corrupted XFS Filesystem with xfs_repair
- WiFiWart Boots Linux, Moves To Next Design Phase | Hackaday
- Hotspot: How const Can Improve Performance - KDAB on Qt
- Seven (more) things I wish I'd known before becoming a sysadmin | Enable Sysadmin
- Slightly knowledgable users are the worst
Empowering them (within their limits) frees you.
Takeaway: Be thankful for the modern tools that remove the ability for users to experiment and generate support calls, and be equally thankful for the users who fix it themselves (within their security contexts).
Training is product specific, but the real world isn't
Takeaway: You gotta learn to integrate on your own.
If it plugs into the wall, IT owns it
Takeaway: Multiple Red Hat, CompTIA, Microsoft, and Cisco certifications taught me nothing about copiers.
IT is a budgetary black hole
Takeaway: Some decision-makers see IT as a budgetary black hole.
Project management is essential
Takeaway: Not all IT skills are technical—invest in project and service management knowledge. I'm actively pursuing a project management certification myself right now.
Users don't see security as their problem
Takeaway: We must continue to convince users that they are a critical part of security.
Winning the IT battle is a cultural thing, not a technical thing
Takeaway: Culture is at least as important as technology.
- LUNA multitool for hacking, building and analyzing USB - Geeky Gadgets
- ParData: A conduit for easy and standardized data set sharing – IBM Developer
- What do we call post-modern system administrators? | Opensource.com
- Does the image of a sysadmin crawling under the desk to fix broken cupholders still apply?
- 3 Useful Tips on How to Use History Command in Linux
- Success Story: Preparing for Kubernetes Certification Improves a Platform Development Engineer’s Skills - Linux.com
- A Dozen Business Solutions You Need. All on One Platform. | The Notes Guy in Seattle
- have been asking — begging — HCL that businesses don’t need platforms. They need solutions. Solutions to common business problems.
- JENKINS - some ways to restart manually Jenkins services - Blog dbi services
- Windows Incident Response: On #DFIR Analysis, pt III - Benefits of a Structured Model
- How to Use Apache JMeter to Load Test Web Applications - LinuxBabe
- 5 Phases of SharePoint implementation - SharePoint Maven
- Mongolian Chicken - Dinner at the Zoo
- Errata Security: Risk analysis for DEF CON 2021
- Bughound - Static Code Analysis Tool Based On Elasticsearch
- Wpscvn - Wpscvn Is A Tool For Pentesters, Website Owner To Test If Their Websites Had Some Vulnerable Plugins Or Themes
- Ireland AI Strategy (2021) « Oralytics
- Spam Kingpin Peter Levashov Gets Time Served – Krebs on Security
- Swatter Who Caused Man's Death Over @Tennessee Twitter Handle Is Going to Prison
- MIT Predicted in 1972 That Society Will Collapse This Century. New Research Shows We’re on Schedule.
- Arkime
- How To Restore The Default PiHole Block List - Kev Quirk
- Introducing The New Mac Plu.. Err... Mycroft Mark II!
- MANSPIDER - Spider Entire Networks For Juicy Files Sitting On SMB Shares. Search Filenames Or File Content - Regex Supported!
- Beanshooter - JMX Enumeration And Attacking Tool
- CVE Prophet – JerryGamblin.com
- Acacia Wood Furniture: Pros and Cons to Know Before You Buy – World Interiors
- Tips For Maintaining Your Acacia Wood Furniture
Wipe the furniture daily with a soft cloth (a slightly moistened cloth is advisable to ensure all dust stays on the cloth).
No need to worry about water spillage due to our water-based lacquer finish.
Avoid exposing the wood to alcohol, deodorants, perfumes, nail varnishes and similar liquids. If spillage occurs, wipe immediately with a dry cloth. These liquids will pull moisture from wood when left, causing cracking. Alcohol such as red wine would also stain the wood.
Place your furniture carefully so that it’s not in contact with direct sunlight (this can cause fading and, in extreme cases, cracking).
Do not place furniture next to fireplaces or radiators as this can cause warping.
We recommend using placemats and coasters when resting hot drinks or dishes on the furniture.
We recommend occasionally rotating your acacia wood pieces to expose all angles to an equal amount of air and light to ensure even darkening over time.
Avoid all cleaning tools with a rough surface. This will wear down the finish and increase the likelihood of scratching.
Avoid polish or cleaning products containing silicone, which can dry out natural wood over time.
Do not use detergents or any cleaning products that contain ammonia. These will take moisture out of the wood and wear down the finish much faster.
Due to Acacia's natural scratch resistance, you don't need to worry too much about scratching. If a scratch does appear, use touch-up marker to conceal the scratch. Be sure to test the marker on an unseen part of the table, such as the underside, to ensure that the marker matches the finish.
- Terraguard - Create And Destroy Your Own VPN Service Using WireGuard
- Quote Details: Pablo Picasso: Computers are useless. They... - The Quotations Page
- "Computers are useless. They can only give you answers." - Pablo Picasso
- Saudi Aramco Traces Data Leak to Attack on Supplier
- Elekta Health Data Breach Victim Count Grows - HealthcareInfoSecurity
- Alert for Ransomware Attack Victims: Here's How to Respond
- Irish hospital sued by cancer patient after ransomware attack • Graham Cluley
- Not because of negligent treatment, but because some of his personal medical files were published on the dark web after the hospital suffered a ransomware attack earlier this year.
The middle-aged man who is at the centre of the case is choosing to remain anonymous for now, but his solicitor says that he has other clients in a similar situation who he expects to also take legal action:
- Errata Security: Ransomware: Quis custodiet ipsos custodes
- 6 resume mistakes CISOs still make | CSO Online
- Failing to show executive abilities
https://emtemp.gcom.cloud/ngw/globalassets/en/newsroom/images/graphs/ciso-effectiveness-olyaei.jpg
Leaving out achievements
Getting too techie
Leaving out experience with breaches and hacks
Making too little (or too much) of industry connections
Poor formatting, rookie mistakes and unintended misrepresentations
- Wireless Penetration Testing: SSID Discovery
- Wireless Penetration Testing: Wifite
- INTERPOL: International police coordination required to combat global cyberthreats | CSO Online
- Dead Drops and Security Through Obscurity | Daniel Miessler
- Cheers to the Winners of EFF's 13th Annual Cyberlaw Trivia Night | Electronic Frontier Foundation
- The cybersecurity of our medical health devices ~ Cyber Thoughts
- Move over XDR, it's time for security observability, prioritization, and validation (SOPV) | CSO Online
- security observability, prioritization, and validation (SOPV)
- Biden Administration announces flurry of new anti-ransomware efforts | CSO Online
- Securing CI/CD pipelines: 6 best practices | CSO Online
- 1. Stop storing secrets in CI/CD environments
2. Scrutinize automated pull requests and scheduled tasks
3. Harden and periodically audit your cloud-native containers
4. Integrate deep code scanning to automate code quality checks
5. Patch early against latest CI/CD tooling vulnerabilities
6. Verify integrity of updates before applying them
- NIST’s EO-mandated software security guidelines could be a game-changer | CSO Online
- NIST defined five objectives for the operational-only (not covering development and acquisition matters) security measures:
1. Protect EO-critical software and EO-critical software platforms (the platforms on which EO-critical software runs, such as endpoints, servers, and cloud resources) from unauthorized access and usage. Measures here include use of multi-factor authentication, following privileged access management principles, and employing boundary protection techniques.
2. Protect the confidentiality, integrity, and availability of data used by EO-critical software and EO-critical software platforms. Measures here include maintaining a data inventory, protecting data at rest and in transit, and back up data with a tested recovery plan.
3. Identify and maintain EO-critical software platforms and the software deployed to those platforms to protect the EO-critical software from exploitation. Measures here include maintaining a software inventory, have a patch management plan, and use configuration management practices.
4. Quickly detect, respond to, and recover from threats and incidents involving EO-critical software and EO-critical software platforms. Measures here include recording necessary logging information, continuous security monitoring, and using endpoint and network security protection.
5. Strengthen the understanding and performance of humans' actions that foster the security of EO-critical software and EO-critical software platforms. Measures here include training all users and administrators of EO-critical software and conducting frequent awareness activities.
- My thoughts on the “2021 Gartner Market Guide for Vulnerability Assessment”. What about the quality? | Alexander V. Leonov
- 8 biases that will kill your security program | CSO Online
- 1. Confirmation bias
2. Bandwagon bias
3. Hindsight bias
4. “They won't let us do that” bias
5. Anchoring bias
6. Business language bias
7. “Developers don't care about security” bias
8. Blind spot bias
- News about Windows 10 vulnerability HiveNightmare | Born's Tech and Windows World
- From Plex to Jellyfin Media Server
- Raspberry Pi 2 wireless temperature box
- What Is A Virtual Server? Types of Server Virtualization | ServerWatch
- It’s Linux – But On An ESP32 | Hackaday
- A case against security nihilism – A Few Thoughts on Cryptographic Engineering
- Ansible Infographic - Anto ./ Online
- (55) Timetrace: Track Your Work Day With Ease - YouTube
- How to View and Analyze Logs on Linux With journalctl
- akamai outage: Internet goes dark for many as Akamai suffers outage, IT News, ET CIO
- TT-RSS - ArchWiki
- Easy Gluten Free Vegan Ginger Snaps Recipe - Frugal and Delicious | Penniless Parenting
- vSpeaking Podcast: Top 10 VMware Admin Tools | VMware
- How I configure sshd at home – Blog FiascoBlog Fiasco
- VyOS and Mikrotik – VLAN-a-rama – blog.kroy.io
- VyOS from Scratch: Routing and VPS Edition – blog.kroy.io
- Adventures in mTLS Debugging
- 3 years of GDPR: Further ambiguity in companies | Born's Tech and Windows World
- Other key findings of the CrowdStrike survey on the GDPR:
27% of the German companies surveyed have not taken precautions in the event of a cyberattack. This puts Germany well above the international average – 15.9% of respondents gave this answer.
Fittingly, a total of 47.5% of respondents in Germany said that they tended not to see their company as a target of cyberattackers, or not at all. On average internationally, a total of only 30.33% of respondents shared this view about their company.
71% of respondents in Germany stated that their company had not yet been the victim of a cyberattack. This puts Germany well above the international average of 53.8% of respondents.
Only 82% of respondents in Germany are certain that the GDPR will continue to apply after Brexit. This view is shared by only 75.7% of respondents on average internationally.
- A Government Practitioner’s Guide to Countering Online Foreign Covert Influence - Lawfare
- 5 essential soft skills for sysadmin self-improvement | Enable Sysadmin
- 1. Methodical and organized
2. Collaboration and networking
3. Spoken and written communication
4. Problem-solving skills
5. Mental and physical health
- Nasty Linux systemd security bug revealed | ZDNet
- Ευάγγελος Μπαλάσκας - wireguard » Evaggelos Balaskas - System Engineer
- Terraform and AWS Lambda? Yep. You Can do that.
- New TKMR Podcast: "Does it Take 10,000 Hours to Become a Legal Tech Expert?" | DennisKennedy.Blog
- Journo who went to prison for 2 years for breaking US cyber-security law is jailed again • The Register
- Dealing with security vulnerabilities on data center servers requires more skilled staff - Help Net Security
- Checking Active TCP/IP Connections on Windows with PowerShell | Windows OS Hub
- Windows 10 upgrade breaks SAM access rights from 1809 upward, user access possible | Born's Tech and Windows World
- Software: Our grave as furture car owners? | Born's Tech and Windows World
- Warning against data theft from used cars | Born's Tech and Windows World
- The Ins and Outs of the VMware vCenter Converter [With Demos]
- Raspberry Pi History – Linux Hint
- Your Goto Guide for Working with Windows WMI Events and PowerShell
- The Essentials of Business Intelligence – Running Your Business
- The Internet is my computer
- 5 Crontab Examples to Help You Automate Linux Tasks
- 1. Cleaning Up /tmp Using a System-Wide Crontab
2. Database Backups Twice Daily
3. Checking Site Uptime With a Custom Script
4. Disk Space Reports via Email
5. Broadcast a Message at Specific Times
- Certificate Auto Enrollment from Samba – David Mulder
- Hundreds of millions of HP, Xerox, and Samsung printers vulnerable to new bug - The Record by Recorded Future
- Chris's Wiki :: blog/sysadmin/SyslogToOnePlace
- Can you Backup the Free Version of ESX 7? | PeteNetLive
- Back to the answer: Whoever started this rumour needs a percussive adjustment to the face, free ESX still cannot be backed up
- 24/7 availability and oncall - SysAdmin1138 Explains
- The July 2021 Patch Tuesday addresses twelve vulnerabilities for Domain Controllers running as DNS Servers - The things that are better left unspoken
- Chia Crypto Farming Wreaks Havoc in the Hard Drive Market - LowEndBox
- Manage ODA patching with Data Guard or Dbvisit Standby - Blog dbi services
- Database Patching Revisited : Take off and nuke the entire site from orbit…
- How to forget 10x engineers for the good of your team | The Enterprisers Project
- The idea of the “10x engineer” – those iconoclastic, almost mythical developers who can do the work of 10 people – has been plaguing Silicon Valley ever since. But in the last few years, it seems like every company in every industry is doggedly on the hunt for their 10x engineer. With the immense pressure on companies around the world to innovate faster through software, they have been led to believe that hiring only the most efficient developers will give them a competitive edge to supercharge their digital transformation.
1. Boost collaboration
2. Celebrate non-traditional backgrounds
3. Set talent up for success
- Mycroft, an open source voice assistant works with Linux smartphones like the PinePhone - Linux Smartphones
- 10 Open-source free Self-hosted Document Search Engines
- White House blames China for Microsoft Exchange cyberattacks | Engadget
- Arduino Cable Tracer Helps Diagnose Broken USB Cables | Hackaday
- Heroes Of Hardware Revolution: Bob Widlar | Hackaday
- widlarize - You take it over to the anvil part of the vice, and you beat on it with a hammer, until it is all crunched down to tiny little pieces, so small that you don’t even have to sweep it off the floor. It makes you feel better. And you know that that component will never vex you again.
- ITAD: IT asset disposal is a security risk to take seriously | CSO Online
- Then there is the case of ShopRite, which found itself on the receiving end of a monetary fine for “failing to properly dispose of electronic devices used to collect the signatures and purchase information of pharmacy customers.” The New Jersey attorney general noted how the company had tossed the devices into a dumpster without wiping them of the sensitive data.
The House and Human Services Office of Civil Rights slapped Filefax, a company that had shuttered its doors with a monetary fine for mishandling protected health information (PHI). They had arranged to have medical records destroyed by a contractor, drove the records to the facility, and left it unattended overnight in an unlocked truck—good intentions with lousy execution.
- Cleanup IIS Log using PowerShell – Ingo Karstein
- Set TLS Version in PowerShell – Ingo Karstein
- Windows 10 20H2
- Introduction To Ansible Automation Platform | Linux Today
- Creating audiobooks | Toby Kurien
- Could ‘culture-as-a-service’ be part of the future of work?
- Thoughts about RAM and Storage Changes « etbe - Russell Coker
- Windows vulnerability PrintNightmare: It’s not over yet (July 15, 2021) | Born's Tech and Windows World
- Benjamin Delpy, the mimikatz developer among others, posted a video on Twitter yesterday via the following tweet showing how he can install a printer driver as the default user on a fully patched system.
- Chris's Wiki :: blog/linux/UdevNetworkDeviceNaming
- Tarsnap: Cloud Backups for the Truly Paranoid - LowEndBox
- Broccoli, Bok Choy, and Mushroom Stir Fry with Beef Recipe -- Gluten Free, Allergy Friendly | Penniless Parenting
- Chris's Wiki :: blog/sysadmin/SyslogLogEverythingSomewhere
- Japan breaks internet speed record with a 319Tbps data transfer | Engadget
- Motherboard reports that scientists at Japan's National institute of Information and Communications Technology (NICT) have smashed the internet transfer record by shuffling data at 319Tbps. For context, that's almost twice as fast as the 179Tbps a team of British and Japanese researchers managed in August 2020.
- Amazon Simple Queue Service (SQS) – 15 Years and Still Queueing! | AWS News Blog
- What sys admins need to know about cloud, containers and career moves
- 1. Extend your technical prowess with new concepts and operating models.
2. Explore cloud-native tech for your next career step.
3. Don’t discount your on-prem knowledge and experience.
4. Rely on your community.
5. Put your curiosity to work.
- DIY lithium powered lawn mower - Meatball Racing
- Upgrading an electric lawn mower to lithium batteries | KuzyaTech
- Hospitals launch antitrust lawsuit against Intuitive Surgical - Axios
- CISO MindMap 2021: What do InfoSec professionals really do?Rafeeq Rehman – Personal Blog
- Should We Security Patch Oracle Databases?
- 10 signs of an IT leader with a growth mindset | The Enterprisers Project
- 10 signs of a growth mindset
1. Curiosity
2. Desire for more
3. Creativity
4. Courage
5. Openness to possibilities
6. Compassion and resilience
7. Appreciation for serendipity
8. Optimism
9. Comfort with discomfort
10. Open-mindedness and self-awareness
- Connecticut Becomes Third State to Incentivize Cybersecurity Best Practices for Businesses
- Subscription Changes for Computer Backup
- Navigating Active Directory Security: Dangers and Defenses
- Sx - Fast, Modern, Easy-To-Use Network Scanner
- Deploy a Kubernetes Cluster using Ansible - buildVirtual
- The Kaseya Attack: Everything to Know – Risk Based Security
- 11 technologies improving database security | CSO Online
- 1. Basic encryption
2. Differential privacy
3. Hash functions
4. Digital signatures
5. SNARKs
succinct non-interactive argument of knowledge (SNARK)
“zero knowledge proof” (ZKP)
6. Homomorphic encryption
7. Federated processing
8. Fully distributed databases
9. Synthetic data
10. Intermediaries and proxies
11. No data
In some extreme cases when compliance makes it possible and the users are willing to accept less personalized service, deleting the database can do the most for privacy.
- How to install Siege on Ubuntu – Linux Hint
- Set up temperature sensors in your home with a Raspberry Pi | Opensource.com
- Teradata customers express terror as field-based hardware support outsourced to IBM on both sides of the pond • The Register
- Event recap: “Cyber Strategy in the Biden Era: A Conversation with Anne Neuberger”
- Protecting Your Windows Servers & Clients from the PrintNightmare Vulnerability | Alexander's Blog
- CISO_Job_MindMap_Rafeeq_Rehman_v_2021.png (PNG Image, 2062 × 3160 pixels)
- ToolsWatch.org » Top 10 Most Exploited Vulnerabilities in 2020
- 1- CVE-2020-0796 : Windows SMBv3 Client/Server Remote Code Execution Vulnerability
(codename: SMBGhost)
2- CVE-2020-5902: F5 Networks BIG-IP TMUI RCE vulnerability
3- CVE-2020-1472: Microsoft Netlogon Elevation of Privilege
(codename: Zerologon)
4- CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability
(codename: CurveBall)
5- CVE-2020-14882: Oracle WebLogic Server RCE
6- CVE-2020-1938: Apache Tomcat AJP File Read/Inclusion Vulnerability
(codename: GhostCat)
7- CVE-2020-3452: Cisco ASA and Firepower Path Traversal Vulnerability
8- CVE-2020-0688: Microsoft Exchange Server Static Key Flaw Could Lead to Remote Code Execution
9- CVE-2020-16898: Windows TCP/IP Vulnerability
(codename: Bad Neighbor)
10- CVE-2020-11651: SaltStack RCE Authentication Bypass
10- CVE-2020-1350: Critical Windows DNS Server RCE.
(codename: SIGRed)
- Children report 2021 | Securelist
- IT threat evolution Q1 2021 | Securelist
- Kaspersky Security Bulletin 2020-2021. EU statistics | Securelist
- Ransomware by the numbers: Reassessing the threat’s global impact | Securelist
- Privacy predictions for 2021 | Securelist
- The future of cyberconflicts | Securelist
- Healthcare security in 2021 | Securelist
- The story of the year: remote work | Securelist
- InfoSec Handlers Diary Blog
- Last Week’s Security news: PrintNightmare patches and Metasploit, Kaseya CVEs, Morgan Stanley Accellion FTA, Cisco BPA and WSA, Philips Vue PACS, CISA RVAs, Lazarus job offers | Alexander V. Leonov
- RemotePotato0 - Just Another "Won't Fix" Windows Privilege Escalation From User To Domain Admin
- Military Cryptanalytics, Part III - Schneier on Security
- Amazon Has Trucks Filled with Hard Drives and an Armed Guard - Schneier on Security
- A Cybersecurity Policy Agenda - Schneier on Security
- Education and Workforce Development
Public Core Resilience
Supply Chain Security
Measuring Cybersecurity
Promoting Operational Collaboration
- Virginia Data Privacy Law - Schneier on Security
- How to Edit the Windows Registry Completely Offline
- Kaseya VSA has been hit with a ransomware attack @ AskWoody
- Print Nightmare is going to be a nightmare @ AskWoody
- Details of the REvil Ransomware Attack - Schneier on Security
- Why Averages suck and what make Percentiles great – data-nerd.blog
- The Chaos PrintNightmare Emergency Update (July 6/7, 2021) | Born's Tech and Windows World
- Chris's Wiki :: blog/linux/InitramfsHidesOldThings
- The History of Plastics in Computing - krypted
- Chris's Wiki :: blog/sysadmin/AmandaLosingTrackOfWhy
- Quick look at CVE-2021-1675 & CVE-2021-34527 (aka PrintNightmare) | Securelist
- Tools and Jewels
- Introduction to ICS Security | SANS Institute
- SANS Institute Healthcare Security Resources
- Accessing Web APIs with PowerShell | Clay Risenhoover | SANS Institute
- Using the VMWare PowerCLI modules to Measure VMWare Compliance | SANS Institute | Clay Risenhoover
- PowerShell Tools I Use for Audit and Compliance Measurement | Clay Risenhoover | SANS Institute
- Open Source Software and Maturity Model – The Right Security – Risk Based Security
- Vulnerability QuickView – May 2021 – Risk Based Security
- Beyond the Technical - Advise for those starting in Infosec
- Always the soft skills
- Create a central VMware Tools repository - ivobeerens.nl
- Virtualization The Future: Free Training from VMware - Docker Fundamentals
- Please try Subplot, for acceptance criteria
- OPSWAT | Infographic: Emerging Cybersecurity Trends, Challenges and…
- ISO 27701 Privacy Extension “Lessons Learned”: Data Mapping | Pivot Point Security
- FedRAMP Authorization - Key Players and How They Relate | Pivot Point Security
- FedRAMP Authorization - Key Players and How They Relate | Pivot Point Security
- CMMC Situational Awareness Domain: Summary | Pivot Point Security
- A Risk-Based Approach to “Doing Less” with Cybersecurity | Pivot Point Security
- 3 Steps to Success with OWASP Guidance for WebAppSec | Pivot Point Security
- What Every DIB Org Needs to Do NOW If You Have a DFARS 7012 Clause in ANY of Your DoD Contracts | Pivot Point Security
- 4 Top Tools for Maximum CMMC Compliance Benefit with Minimum Effort | Pivot Point Security
- SASE: Technology, Transport and ServiceRafeeq Rehman – Personal Blog
- StateRAMP Security Categories: Low, Moderate, High and “Just Right” | Pivot Point Security
- “StateRAMP Verified” and “StateRAMP Ready”: 2 Paths to SLED Security Verification for CSPs | Pivot Point Security
- How To Install VMware vCenter 7 Appliance via GUI and CLI
- What is the Expected Level of Effort for a CMMC Level 3 Assessment? | Pivot Point Security
- Here’s What Your CMMC Level 3 Readiness Assessment Will Look Like | Pivot Point Security
- S3 Ep10.5: “20 years of cyberthreats that shaped infosec” [Podcast] – Naked Security
- Create a USB Mouse Jiggler to Keep a Target Computer from Falling Asleep (& Prank Friends Too) « Null Byte :: WonderHowTo
- Null Byte's Hacker Guide to Buying an ESP32 Camera Module That's Right for Your Project « Null Byte :: WonderHowTo
- Locking Down Linux: Using Ubuntu as Your Primary OS, Part 4 (Auditing, Antivirus & Monitoring) « Null Byte :: WonderHowTo
- Locking Down Linux: Using Ubuntu as Your Primary OS, Part 3 (Application Hardening & Sandboxing) « Null Byte :: WonderHowTo
- Locking Down Linux: Using Ubuntu as Your Primary OS, Part 2 (Network Attack Defense) « Null Byte :: WonderHowTo
- Locking Down Linux: Using Ubuntu as Your Primary OS, Part 1 (Physical Attack Defense) « Null Byte :: WonderHowTo
- The Man Who Helped Turn 4chan Into the Internet's Racist Engine
- Serious Security: Rowhammer is back, but now it’s called SMASH – Naked Security
- Cybersecurity tips for university students – Naked Security
- 1. Stick to HTTPS websites
2. Be cautious about scams
3. Log out or lock your computer when you’re not using it
4. Get yourself a good password manager
- Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
- JWTweak - Detects The Algorithm Of Input JWT Token And Provide Options To Generate The New JWT Token Based On The User Selected Algorithm
- White House Advises Mayors to Review the US cybersecurity
- Anne Neuberger outlined as well the Administration’s ransomware strategy, which includes:
disruption of ransomware infrastructure and actors by working closely with the private sector;
international cooperation to hold countries who harbor ransom actors accountable;
expanding cryptocurrency analysis to find and pursue criminal transactions;
and the federal government’s review to build a cohesive and consistent approach towards ransom payments.
Back in June, The Deputy National Security Advisor urged the US business leaders and corporate executives to take ransomware seriously, after the damages seen in the aftermath of the Colonial Pipeline and JBS ransomware attacks.
- 25 Gigabit Linux internet router PC build - Michael Stapelberg
- Ethernet was slower only in one direction on one device | Jeff Geerling
- Always start with the patch cables. Then look at your equipment. Then check your drivers and device CPU/statistics. Then check transceivers, then jacks, terminations, and finally cabling. Networking can be... fun.
- Android backups with rsync | The bright side
- Salus - Security Scanner Coordinator
- Security Scorecards - Security Health Metrics For Open Source
- The-Bastion - Authentication, Authorization, Traceability And Auditability For SSH Accesses
- SecAware blog: Managing certainty
- Expert Analysis: The Battle Against Ransomware
- Healthcare Workers Allege Amazon Alexa Violates Privacy
- "The physician may have a good argument for misrepresentation by Amazon, but there is an equally coherent argument that the physician - or anyone handling confidential/sensitive information, including attorneys … failed to implement commercially reasonable security."
Teppler adds: "There are privacy issues involved with any 'smart' device or service, because it involves the exchange of information. It should come as no surprise that the 'smarter' the device or service, the more information it will collect, and likely seek to further monetize."
- Researchers: Microsoft 'PrintNightmare' Patch Is Incomplete
- Interpol Calls For New Ransomware Mitigation Strategy
- Rainbow tables explained: How they work and why they're (mostly) obsolete | CSO Online
- Jeremi Gosney, founder and CEO of distributed password cracking company Terahash, concurs. “Modern password cracking is highly dynamic, and requires agility, flexibility, and scalability. Rainbow tables are static, rigid, and not at all scalable—they are the antithesis of modern password cracking. Even if you don’t have the horsepower of GPUs, employing modern techniques will still net you a far higher hash yield than rainbow tables will.” Probabilistic candidate generation, rules, hybrid attacks, and now even machine learning candidate generation are far superior to rainbow tables, he says.
- How to check for Active Directory Certificate Services misconfigurations | CSO Online
- Certify and ForgeCert,
- Database Upgrades : It’s been a long road getting from there to here
- Erman Arslan's Oracle Blog: Recoverability Roadmaps & Remediation Options - Oracle, Systems, Apps Technology, Virtualization and Engineered Systems
- Erman Arslan's Oracle Blog: OVM Manager / Weblogic -- CVE-2019-2725 / deserialization - remote code execution vulnerability
- PrintNightmare vulnerability explained: Exploits, patches, and workarounds | CSO Online
- Raspberry Digital Signage 16.0 released – Binary Emotions
- Convergence & Complexity Go Hand In Hand — EtherealMind
- VARs See You As Technical Debt | The Networking Nerd
- Kaseya was warned about security flaws years ahead of ransomware attack | Engadget
- Cybersecurity Game Aims to Train 25K Specialists by 2025
- NCSF’s free online cybersecurity training game — called CyberStart — is intended to do just that by enticing high school and college students into the subject while teaching them the ropes.
- Index PnP - An open-source pick-and-place machine for mid-scale manufacturing - CNX Software
- Follow-up to the Kaseya supply chain attack | Born's Tech and Windows World
- Setting up PCP and Grafana metrics with Cockpit — Cockpit Project
- Open source tools and tips for improving your Linux PC's performance | Opensource.com
- How to build a blockbuster internal IT talent program: 8 tips | The Enterprisers Project
- 1. Know your mission
2. Create a learning culture
3. Tap into what your team wants to learn
4. Focus on important non-technical skills
5. Secure adequate resources
6. Develop a brand that reflects a commitment to growth
7. Keep investing
8. Get started, even if you start small
- Tips for Managing Encryption Keys
- Ransomware attacks leave cybersecurity experts 'barely able to keep up'
- What you need to know about security policies | Opensource.com
- The ever-evolving IT job role: system administrator | Enable Sysadmin
- REvil victims are refusing to pay after flawed Kaseya ransomware attack
- Lessons in openness from Japan's "business reinvention" | Opensource.com
- Throughout the 1990s, Japanese companies really put open organization principles into full practice, particularly adaptability in a changing market, expanded inclusivity and collaboration in product development globally, and transparency regarding where they could and could not compete globally. Japan has adapted itself from being an exporter of consumer gadgets to a global critical product component supplier.
- 10 Factors Behind the Popularity of Microservices: Part 1
- The urgency of high availability and quick, flexible scaling
Classic advantages of modularized programs for development and testing
The continuing growth of third-party (cloud) compute services
Cheap, high-capacity networks in data centers
The dominance of RESTful APIs for interprocess communication
The convenience of Platform as a Service (PaaS)
The efficiency of containers for virtual applications
Applications moving online in Software as a Service (SaaS)
The productivity of small programming teams
The race to speed up innovation through DevOps and rapid deployment
- Open Policy Agent 0.30 lands, irons out some kinks • DEVCLASS
- Insurance and Ransomware - Schneier on Security
- Basically, the insurance industry incents companies to do the cheapest mitigation possible. Often, that’s paying the ransom.
- Samsung Electronics Adopts International Open Source Standard – Samsung Global Newsroom
- Automating performance analysis
- Automate Kubeflow deployment – IBM Developer
- Learning 1E's Tachyon: Using Inventory
- Flashing the BIOS from the F12 One-Time Boot Menu | Dell US
- vizex - visualize disk space and disk usage - Page 2 of 3 - LinuxLinks
- Apply lean startup principles to your open source project | Opensource.com
- The Old Computer Challenge and Why I Need It
- New York City launches a cyberdefense center in Manhattan | Engadget
- Coop-Sweden closes 800 stores after Kaseya VSA supply chain attack by REvil gang | Born's Tech and Windows World
- Your phone vs. Supercomputers – Huan Truong's Pensieve
- TODO: Disable the Print Spooler service on Domain Controllers - The things that are better left unspoken
- VMware Tools v 11.3 fixes a Denial of Service vulnerability (VMSA-2021-0011, CVE-2021-21997, CVSv3 3.3) - The things that are better left unspoken
- Preparing Active Directory for Windows 10 version 21H1 - The things that are better left unspoken
- What are these *.ready and *.done files for in PostgreSQL? - Blog dbi services
- What Happened in the Kaseya VSA Incident? - Lawfare
- How I avoid breaking functionality when modifying legacy code | Opensource.com
- Proprietary Software Security | Tux Machines
- The Lawfare Podcast: Matt Tait Ransom"wears" All the Things - Lawfare
- How to Use seq to Generate a Sequence of Numbers in Linux
- IT for service providers biz Kaseya defers decision about SaaS restoration following supply chain attack • The Register
- The Kaseya Ransomware Attack is a Really Big Deal - Lawfare
- How to Build a PowerShell GUI for your Scripts
- Create a Simple Graphical Interface for a PowerShell Script | Scripting Blog
- I've Got a PowerShell Secret: Adding a GUI to Scripts | Scripting Blog
- How to Create a GUI for PowerShell Scripts? – TheITBros
- Microsoft warns of critical Windows ‘PrintNightmare’ vulnerability - The Verge
- MacHound - An extension to audit Bloodhound collecting and ingesting of Active Directory relationships on MacOS hosts
- AZ-700 Study Guide: Azure Network Engineer - Thomas Maurer
- GitHub - ossf/scorecard: Security Scorecards - Security health metrics for Open Source
- Kconfig-Hardened-Check - A Tool For Checking The Hardening Options In The Linux Kernel Config
- ColdFire - Golang Malware Development Library
- Bbscope - Scope Gathering Tool For HackerOne, Bugcrowd, And Intigriti!
- CISA Emphasizes Urgency of Avoiding 'Bad' Security Practices
- Another 0-Day Looms for Many Western Digital Users – Krebs on Security
- Western Digital won’t fix a vulnerability found in older My Cloud OS3 storage devices | Engadget
- Select Samsung enterprise Android devices will receive five years of software support - Gizmochina
- MyBook Investigation Reveals Attackers Exploited Legacy, Zero-Day Vulnerabilities
- YottaDB Dashboard - YottaDB
- MATLAB, SAS, Stata and SPSS files in LabPlot – LabPlot
- Oracle and Cloud Wars
- Why Are There Never Enough Logs During an Incident ...
- Aluminum Flashing Tape | Cool Tools
- CISA Tool Helps Measure Readiness to Thwart Ransomware
- Friday Thoughts on Going Back To the Office | The Networking Nerd
- 7 Unconventional Pieces of Password Wisdom
- Passwords Aren't *All* Bad
Complexity Rules Are Less Important Than You Think
Screening New Passwords is a Must
Ditch the Periodic Resets
Make it Easier to Choose REALLY Long Passphrases
Let Users Cut and Paste Passwords
Stop Using Security Questions for Resets
- List of data breaches and cyber attacks in June 2021 | IT Governance Blog
- How to Clone/Backup Linux Systems Using - Mondo Rescue Disaster Recovery Tool
- Microsoft Issues New CVE for 'PrintNightmare' Flaw
- A Large Number of Third-Party Libraries from Apps Are Never Updated
- What is Audit Failure In Event Viewer?
- SQL Server: Fixing another huge MSDB database - 80GB+ - Blog dbi services
- 17 Linux commands every sysadmin should know | Enable Sysadmin
- Ansible might be running slow if libyaml is not available | Jeff Geerling
- How to create a Dockerfile with some dockerfile examples - LinuxTechLab
- How I build my personal website using containers with a Makefile | Opensource.com
- How To Enable Brotli Compression in Apache – TecAdmin
- IBM's 18-month company-wide email system migration has been a disaster, sources say • The Register
- Germany: The state hacks along – Matthias Monroy
- The GDPR, Privacy and Monopoly | Electronic Frontier Foundation
- Irish Ransomware Attack Recovery Cost Estimate: $600 million
- Using a Medical Device Cybersecurity Bill of Materials
- Rob Suárez,
- Google Online Security Blog: Introducing SLSA, an End-to-End Framework for Supply Chain Integrity
- Healthcare Exchange Standards: FHIR Security & Privacy Tutorial
- John Moehrke
- List of data breaches and cyber attacks in May 2021 – 116 million records breached - IT Governance UK Blog
- Majority of Web Apps in 11 Industries Are Vulnerable All the Time
- SQL Server 2019: What’s new in sp_configure and sys.configurations options? - Blog dbi services
- Ansible Beginner's Guide: Getting Started With Automation
- Ransomware a threat to national security, says Dutch counterterrorism office | NL Times
- Is remmina useful for your daily work? - Fedora Magazine
- Ransomware: Exploring the Hidden Costs | CSO Online
- 4 Habits of Highly Effective Security Operators
- Habit #1: Operationalize Existing Frameworks into Your Daily Routine
Habit #2: Leverage Internal Security Signals First
Habit #3: Cultivate a Proactive Threat Hunting Posture
Habit #4: Make Threat Intelligence Actionable
- Cyberattacks Are Tailored to Employees ... Why ...
- Mission Critical: What Really Matters in a Cybersecurity Incident
- 1. The Incident Response Plan Is Important as a Discussion Point Pre-Incident but Rarely Consulted During an Event
2. Logging Is Never Where It Needs to Be
3. Network Maps and IT Asset Inventories Can Make or Break a Recovery
- What the FedEx Logo Taught Me About Cybersecurity
- Hackers exploited two flaws in event that remotely wiped Western Digital devices | Engadget
- Open Practice Library basics: Planning and Executing
- Regulating AI around the World « Oralytics
- Japan lags in cyber capabilities: British think tank report - Japan Today
- 5 Lessons from Steve Jobs for a Powerful Product Launch Event – Ideas
- Use a “Twitter-Friendly” Headline for Your Product Launch Presentation
Follow the Rule of Three
Show Enthusiasm When You Launch Your Product
Introduce the Villain
Carefully Plan the Product Launch Presentation
- Regula: Open source policy engine for IaC security - Help Net Security
- Does Your Cyberattack Plan Include a Crisis ...
- Tip 1: Be Prepared to Respond Quickly
Tip 2: Establish a Virtual War Room to Monitor and Assess
Tip 3: Embrace the Notion of Radical Transparency With Your Key Stakeholders
Tip 4: Set Goals and Benchmarks but Be Flexible
Tip 5: Admit Fault Quickly
- Dark Reading | Security | Protect The Business
- Its analysis shows that 79% of the time, developers don't update the third-party libraries they use in a codebase. Though third-party libraries are constantly changing — and what's secure and what's not secure keeps changing equally fast — developers by and large don't update them. Even in the case of more mature, actively maintained repositories, Veracode found that third-party libraries are added and never updated 73% of the time — compared with 79% for all repositories. Overall, 50% of libraries take longer than 21 months to update, and 25% are not updated for as long as four years — which was the time frame for the Veracode study.
- Dark Reading | Security | Protect The Business
- Why Security is Paramount in a Digital-First Economy?, IT News, ET CIO
- Network-Bound Disk Encryption improvements in RHEL 8
- JENKINS - Deploy Ansible Playbook with Jenkins plugin - Blog dbi services
- Some Ideas About Storage Reliability « etbe - Russell Coker
- 5 biggest healthcare security threats for 2021 | CSO Online
- 7 ways technical debt increases security risk | CSO Online
- How to migrate Java workloads to containers: 3 considerations | The Enterprisers Project
- Scripting for Network Audit on a Cisco Device (with bonus) - RouterFreak
- Liberating our mobile computing | MeanMicio
- An Unbelievable Demo
- 12 open-source free self-hosted email marketing solutions
- jmtd → log → LaTeX draft documents
- the vulnerability remediation lifecycle of Alpine containers – Ariadne's Space
- Kerckhoffs’s Law for Security Engineers
- (22) Interview with a Site Reliability Engineer - YouTube
- Ansible blockinfile oddity
- The Week That Will Be - Lawfare
- Finally! A Cybersecurity Safety Review Board - Lawfare
- How to pass extra variables to an Ansible playbook | Enable Sysadmin
- Docker command cheat sheet
- Take the Advice of Ransomware Actors: Prevent Escalation and Lateral Movement
- Why Ransomware Attacks Are Becoming A National Security Risk : NPR
- (22) Why So Many People Lack Critical Thinking Skills - YouTube
- Ansible Tutorial: Introduction to simple Ansible commands - LinuxTechLab
- My gripes with Ansible
- A primer on containers – Increment
- What is an SBOM? - Linux Foundation
- Tuning systemd services, logging, and device management in Linux - Linux Concept
- Kogito: Laying the foundation for the next generation of cloud-native business automation
- » Oracle cashing in on Java: this is what happens if developers use closed source non-OpenSource non-GPL licensed programming languages | dwaves.de
- Secure Your Apache Web Server Best Practice - Unixcop
- Automated Website Testing with Selenium
- Simulating Veeam disk actions with DiskSpd - rhyshammond.com
- Eyeing The Credentials: Mitigating The Leak – doOdzZZ'sNotes
- Why a Zero-Day Attack Doesn’t Mean There’s Nothing You Can Do | Security & Compliance Blog | VMware
- 5 IT leadership principles to live by: Miami CIO of the Year winners share | The Enterprisers Project
- 1. Listen more than you speak
2. Trust and integrity are key to results
3. Aim high - even when it makes you uncomfortable
4. Never underestimate the power of a strong network
5. Lead with a people-first mindset
- 7 Best Free and Open Source Configuration Management Databases - LinuxLinks
- 6 Recommended Open Source Learning Management Systems (LMS)
- Regulatory Alchemy: Turning Cybersecurity Guidelines Into Rules - Lawfare
- Tmux Command Examples To Manage Multiple Terminal Sessions
- 7 Lessons From 10 Outages – The Downtime Project
- Monitor your Internet with a Raspberry Pi | Jeff Geerling
- Will open-source Postgres take over the database market? Experts weigh in - SiliconANGLE
- Cloud 101 - Wasabi Hot Cloud Storage - Anto ./ Online
- Using Ansible to automate Logical Volume Manager configurations | Enable Sysadmin
- (19) systemd on Linux: Intro and Unit Files - YouTube
- Webcast: Getting Started in Pentesting The Cloud: Azure - Black Hills Information Security
- What is the difference between DNF and YUM? | 2DayGeek
- Doc Searls Weblog · Redux 002: Listen Up
- Our goal is to burn down Marketing As Usual. Here is the logic behind the ambition:
Markets are conversations
Conversations are fire
Marketing is arson
- Upgrading Homelab Kubernetes Cluster from 1.20 to 1.21 | Lisenet.com :: Linux | Security | Networking
- Configure PXE Boot Server for Rocky Linux 8 Kickstart Installation | Lisenet.com :: Linux | Security | Networking
- RapidDisk 7.2.1 now available – Random [Tech] Stuff
- Web Servers vs. Application Servers | ServerWatch
- MyBook Users Urged to Unplug Devices from Internet – Krebs on Security
- Try Chatwoot, an open source customer relationship platform | Opensource.com
- How to manage systemd units with systemctl | 2DayGeek
- How to manage systemd units with systemctl | 2DayGeek
- 7 'dmesg' Commands for Troubleshooting and Collecting Information of Linux Systems
- vVols, Oracle RAC, and VMware SRM – Dell EMC PowerMax with VMware
- Some pretty useful Yum Tips & Tricks - LinuxTechLab
- UpdateUpdate for BIOS/UEFI vulnerabilities in Dell systems | Born's Tech and Windows World
- Windows 11: Hardware requirements | Born's Tech and Windows World
- Chris's Wiki :: blog/sysadmin/NetworkCablesGoBad
- Going Old School with Optimization Parameters in Oracle 19c
- Financial Tips for Parents to Teach Their Children
- How to accelerate workloads without vSphere Flash Read Cache
- Thomas Rayner – Writing code & automating IT
- Extra Dark Honey Sweetened Hot Cocoa Recipe
- Linux sysadmins: 6 reasons you should write technical articles | Enable Sysadmin
- 5 Tips from Grandpa and Grandma on How To Be Frugal – BeingFrugal.net
- Kidiosity- A Fun and Helpful Tool for Parenting | Penniless Parenting
- Send Messages From Your Scripts To Multiple Messaging Platforms Using PingMe - Linux Uprising Blog
- Squid proxy configuration tutorial on Linux - LinuxConfig.org
- Tom Moynihan on why prior generations missed some of the biggest priorities of all - 80,000 Hours
- Why is Terraform so Popular for DevOps?
- Kubernetes: How Components Fit Together as an Architecture Diagram
- CV vs. Resume: What's the Difference and How to Pick One? – Interviews
- Dealing with Bad Behavior in Young Children | Penniless Parenting
- Ansible tutorial for beginners on Linux - LinuxConfig.org
- Ransomware is a Darwinian Problem That Will Never Be Solved - Architecting IT
- Microsoft will end Windows 10 support in October 2025 | Engadget
- US releases NSA leaker Reality Winner into supervised custody | Engadget
- Meat supplier JBS paid $11 million to its ransomware attackers | Engadget
- The Cybersecurity Stories We Were Jealous of in 2020
- How to Reset an Active Directory Password with PowerShell
- Chris's Wiki :: blog/tech/TLSTimeRepresentations
- Windows 7 SP1/Server 2008/R2: Extended Support 2021 – Part 2 | Born's Tech and Windows World
- Network: Simulate packet loss and latency with clumsy | Born's Tech and Windows World
- Setting up Computer Security Incident Response Team (CSIRT)Rafeeq Rehman – Personal Blog
- PDF Version of Book: Cybersecurity Arm Wrestling available for downloadRafeeq Rehman – Personal Blog
- Perspectives on Information Security ArchitectureRafeeq Rehman – Personal Blog
- Six Essential Ingredients for Building a Successful Security Operations Center (SOC)Rafeeq Rehman – Personal Blog
- 1. People (SOC Staff) with different levels of expertise in diverse areas including networking, operating systems, applications, operations management, scripting, Python, vulnerability management, incident handling, forensics and others.
2. Defined processes for tasks under the scope of SOC. While there are many SOC processes, effective incident detection and incident management is a key process for success of every SOC. A SOC may also rely on other IT systems/processes like asset management, change management, patch management etc.
3. Technology Stack for collecting log and other types of telemetry data, storing data, and processing/analyzing data. Main technologies used in SOC include Security Information and Event Management (SIEM) tool, log collection, network sensing, ticket/incident management, forensic tools, and vulnerability management tools.
4. SOC Governance structure that enables SOC management and continuous improvement while ensuring the business objectives of SOC are achieved.
5. Carefully selected Data Sources provide high value in threat detection. People need to be careful and selective in determining the type and amount of data that is fed into the technology stack. More is not always better!
6. Threat Intelligence is a must for the success of any modern SOC. It helps in proactive threat hunting and helps in automation, responding to threats at machine speed.
- The Security Reference Architecture provides models for clients customize
- vSphere 7 ESXi Secure Boot Options | ESX Virtualization
- Terence Luk: What is Azure Key Vault?
- Achieving Cyber Vigilance with Zero Trust | VMware Security Blog
- Enterprise networks: The 5 most common configuration errors | Born's Tech and Windows World
- 1. Standard credentials
2. Multiple use of passwords
3. Open remote desktop services and standard ports
4. Delayed software updates
5. Logging turned off
- SecAware blog: Stepping on the cracks
- SecAware blog: News on ISO/IEC 27002
- Bucky - An Automatic S3 Bucket Discovery Tool
- Supply chain attack examples: 6 real-world incidents | CSO Online
- 1. Upstream server compromise: Codecov attack
2. Midstream compromise to ship malicious updates
3. Dependency confusion attacks
4. Stolen SSL and code-signing certificates
5. Targeting developers' CI/CD infrastructure
6. Using social engineering to drop malicious code
- HITRUST explained: One framework to rule them all | CSO Online
- Cyber Insurance Firms Start Tapping Out as ...
- Create Your Own Free Website Checker - linuxwebdevelopment.com
- Microsoft Word - CSFv9.2_Introduction SR.docx - CSFv9.4_Introduction.pdf
- Use Ansible like a Programming Language - Blog dbi services
- How the Internet Has Turned Into the Modern-Day Battlefield
- Your Old Phone Number Can Be Used to Hack You, Study Finds
- New Open Source Project Automates Data Deletion Requests by Email – Digital Lab at Consumer Reports
- Your 10-Minute Guide to PKI & How Internet Encryption Works
- Multiple Healthcare Provider Clients Affected by CaptureRx Ransomware Attack
- Exclusive: White House launches new artificial intelligence website - Axios
- Mubeng - An Incredibly Fast Proxy Checker And IP Rotator With Ease
- CyberBattleSim - An Experimentation And Research Platform To Investigate The Interaction Of Automated Agents In An Abstract Simulated Network Environments
- Waybackurls - Fetch All The URLs That The Wayback Machine Knows About For A Domain
- CANalyse - A Vehicle Network Analysis And Attack Tool
- Judge-Jury-and-Executable - A File System Forensics Analysis Scanner And Threat Hunting Tool
- A Closer Look at the DarkSide Ransomware Gang – Krebs on Security
- Reviving Old Recipe For Faraday Wax Keeps Vacuum Experiments Going | Hackaday
- Cloud CLI - Blog dbi services
- Remote Access Tools Deemed Cyber-Threats by Ponemon Institute
- Patch Deployment: A Key Aspect of Any Good Cybersecurity Strategy
- Five Great Reads on eDiscovery for May 2021
- Ten Tips for Better ESI Expert Reports | Ball in your Court
- Answer the questions you were engaged to resolve.
Don’t overreach your expertise.
Define jargon, and share supporting data in useful, accessible ways.
Distinguish factual findings from opinions.
Include language addressing the applicable evidentiary standard.
Eschew advocacy; let your expertise advocate for you.
Challenge yourself and be fair.
Proofread. Edit. Proofread again. Sleep on it. Edit again.
Avoid assuming the fact finder’s role in terms of ultimate issues.
Listen to your inner voice.
- Easy LPEs and Common Software Vulnerabilities
- CheeseTools - Self-developed Tools For Lateral Movement/Code Execution
- Qvm-Create-Windows-Qube - Spin Up New Windows Qubes Quickly, Effortlessly And Securely
- U.S. Military Personnel Spilled Nuclear Secrets in Online Flashcards
- Researcher’s First Hack Was a Martial Arts Movie-Inspired Prank
- Central Ohio ISSA InfoSec Summit Summary | CQURE Academy
- Microsoft’s Acquisition of Nuance - Implications for the Voice Authentication and Security Industry | Pindrop
- How Are Cyber Insurance Companies Assessing ...
- Cloud Compromise Costs Organizations $6.2M Per Year
- $6.2M Per Year
- Health Data Breach Tally's 2021 Surge Continues
- Privacy Rights: GDPR Enforcement Celebrates Third Birthday
- Cyber Insurance: Higher Premiums, Limited Coverage
- Five Practical Steps to Implementing a Zero-Trust Network
- 1. Identifying and segmenting data
2. Mapping the traffic flows of your sensitive data and associate them to your business applications
3. Architecting the network
4. Monitoring
5. Automate and orchestrate
- Office surveillance: Digital leash on workers could be crossing a line
- Should we treat OSD compliance as a binary? – Blog FiascoBlog Fiasco
- Using network bound disk encryption with Stratis - Fedora Magazine
- tmt hint 01: provisioning options – Fedora Community Blog
- Erman Arslan's Oracle Blog: Exadata X8M-2 & PCA X8-2 -- Part 2 Installation / Exadata X8M-2 installation (Imaging, install.sh steps, insights, notes and so on)
- Chris's Wiki :: blog/sysadmin/LessFilteringLines
- How to Make Your 1,000+ User WVD Deployment Highly Available
- VDI Drones 3.2 has been released. Find out what’s new
- ESXi to Libvirt, now with more Terraform. – blog.kroy.io
- I’ll show you mine, if you show me yours
- How Do You Plan to Respond to a Ransomware Attack? - RouterFreak
- How to Verify Applied GPOs with the GPResult Tool
- Understanding Cyber Resilience | Data Protection Hub
- Jerikan+Ansible: a configuration management system for network
- This MOS note is not available anymore??!?
- Guidebook for open source community management: The Open Source Way 2.0
- Cyberark Per Host Password Lookup In The Ansible Automation Platform | Greg Sowell Saves The World
- Using Collections With Ansible Tower/Ansible Control | Greg Sowell Saves The World
- The Privacy Act Project: Revisiting and Revising the Privacy Act of 1974 - Lawfare
- Adapting to the Cyber Domain: Comparing U.S. and U.K. Institutional, Legal and Policy Innovations - Lawfare
- The Cyberlaw Podcast: Is Apple Storing Its Dorian Gray Portrait Behind the Great Firewall? - Lawfare
- Linux Directory structure explained : A reference guide - LinuxTechLab
- 7 Quirky 'ls' Command Tricks Every Linux User Should Know
- ls -l --time-style=full-iso
- Visualizing performance in Red Hat Enterprise Linux 8.4 web console
- PowerShell Is Source of More Than a Third of Critical Security Threats
- Raspberry Pi PoE+ HAT features 25.5W PoE+
- Cyber insurance rates to increase 20-50% this year: Aon | Business Insurance
- UK: Customers hit as ransomware incident blacks out Doncaster insurance firm
- Running Modern Linux From A Single Floppy Disk | Hackaday
- How to Work with Ansible Provisioner in Vagrant
- (1) Hyperfine: The BEST Way To Benchmark CLI Tools - YouTube
- dnssecuritytxt | A standard allowing organizations to nominate security contact points and policies via DNS TXT records.
- Security contact via DNS
- GitHub - woj-ciech/Shomap: Create visualization from Shodan query
- How to Remove Lines from a File Using Sed Command
- What the Best Mentors Do
- Linux - Reset password expiration, age and history - LinuxConfig.org
- grep -R -i passwd /var/log/auth.log
- JENKINS - recover access to your Jenkins Admin Dashboard - Blog dbi services
- Merging RVTools reports using Power BI -
- Our cybersecurity 'industry best practices' keep allowing breaches | TheHill
- FBI Issues Conti Ransomware Alert as Attacks Target Healthcare
- Health care privacy law updates from Colorado, Washington
- Adding arguments and options to your Bash scripts | Enable Sysadmin
- AutoPentest-DRL - Automated Penetration Testing Using Deep Reinforcement Learning
- IPED - Digital Forensic Tool - Process And Analyze Digital Evidence, Often Seized At Crime Scenes By Law Enforcement Or In A Corporate Investigation By Private Examiners
- Ransomware gang behind Ireland attack also hit US health and emergency networks | Engadget
- A Step-by-Step Guide to Getting Started with Ansible on Windows
- VCP-DCV Objective 7.11.2 - Describe ESXi Updates | ESX Virtualization
- NIST Seeks Input on HIPAA Security Rule Guidance Update
- IT Modernization Grants Will Prioritize Cybersecurity
- DHS confirms new cybersecurity rules for pipeline companies | Engadget
- 7 Frugal Meals That Are Easy to Prepare – BeingFrugal.net
- How to Use Handlers in Ansible Playbook
- Losing control to Kubernetes
- More Healthcare Disruptions Tied to Vendor Incidents
- Exclusive Interview: New HHS ONC Leader on Health Data Security
- Home Audio/Visual Setup - The IT Hollow
- How To Build a All Wood Standing Desk for Less then $400 - TDSheridan Lab
- Determining Risk Less Badly – Jordan Potti – Security Things
- Dell Technologies Introduces APEX as the "New Dell" - Architecting IT
- HPE Introduces Alletra and the Data Services Cloud Console - Architecting IT
- How to Benchmark Kubernetes Storage - Architecting IT
- The Need to Benchmark Kubernetes Storage - Architecting IT
- Storage Predictions for 2021 and Beyond (Part IV – CAS) - Architecting IT
- Storage Predictions for 2021 and Beyond (Part V - Open Source) - Architecting IT
- Storage Predictions for 2021 and Beyond (Part III - SDS) - Architecting IT
- Storage Predictions for 2021 and Beyond (Part II - Systems) - Architecting IT
- Storage Predictions for 2021 and Beyond (Part I - Media) - Architecting IT
- The Rise, Fall and End of Violin Memory - Architecting IT
- Improving Application Security with UndefinedBehaviorSanitizer (UBSan) and GCC | Oracle Linux Blog
- An always free 4 vCPU 3.0 GHz 24 GB RAM on OCI - Blog dbi services
- How to document your job – Blog FiascoBlog Fiasco
- DHS will issue mandatory cybersecurity rules for pipeline companies | Engadget
- http-sys vulnerability (CVE-2021-31166) also threatens WinRM service | Born's Tech and Windows World
- Irish health service shut down amid ransomware attack - IT Governance UK Blog
- Workaround for OneDrive login error 0x8004de40 | Born's Tech and Windows World
- dsregcmd /leave
dsregcmd /join
- How do cyber attacks affect your organisation? - IT Governance UK Blog
- ESXi 7.0 U2a Potentially Killing USB and SD drives! · vNinja.net
- Lusser's Law and Applicability | APMdigest - Application Performance Management
- Browser Monitoring in Minutes! | APMdigest - Application Performance Management
- Build vs Die
- When Hardware Drives Software Upgrades | The Networking Nerd
- Insecure Protocols: SMBv1, LLMNR, NTLM, and HTTP | CSO Online
- Career plan template - 80,000 Hours
- Key parts of the career planning template:
What does a fulfilling, high-impact career look like for you? (What are your career goals?)
Clarify your views of which global problems are the most pressing
Generate ideas for longer-term paths
Clarify your strategic focus
Determine your best-guess next career step
Plan to adapt
Get feedback, investigate key uncertainties, and make a judgement call
Put your plan into action
- 6 lesser-known but seriously useful Linux commands | Enable Sysadmin
- Microsoft cloud architecture models - enterprise resource planning | Microsoft Docs
- Accessing USB Flash Drive from VMWare ESXi | Windows OS Hub
- Passed Linux Foundation Certified System Administrator – UseIT | Roman Levchenko
- Take a Screenshot of a User's Desktop with PowerShell | Windows OS Hub
- Alaska Health Department Services Affected by Malware Attack
- Press Release: Low-tech Attacks. Critical Infrastructure poorly secured - Attacks against Colonial Pipeline used Standard Access Tools | DeepSec In-Depth Security Conference
- Attackers Were Inside SolarWinds in January 2019
- RSA's CEO: For Maximum Resiliency, Unleash Chaos Monkeys
- How to test image performance of Java libraries with JMH and IDEA IDE
- How to setup SonarQube
- Hording AD groups through wbinfo « On the third side
- Shenandoah garbage collection in OpenJDK 16: Concurrent reference processing | Red Hat Developer
- Getting the most out of Linux Bash history command
- ransomware, real resolutions
- Some quick thoughts on ransomware as a tractable problem.
Create a superfund to hire ransomware developers and support staff. Pay them to do something productive, or at least non criminal.
The only people with power over ransomware gangs are the protectors providing the safe havens they reside in. If you cannot make North Korea, China, Russia or even Ukraine, cooperate then there’s no way to eradicate them
Ransomware is a billion dollar industry with a few major players reaping the rewards. The ransomware10, R10 gangs are pulling in tens, or hundreds, of millions.
Those millions pay for “protection”
The money is mostly spent inside the safe haven.
Ransomware is a problem for the West. This is a strategic alignment with Russian (and Chinese) interests.
- Data Lake, Data Lab, Data Hub: what’s the difference? | Ubuntu
- The Best Note Taking Apps for Students to Install on Linux
- CNA Financial reportedly paid $40 million to resolve a ransomware attack | Engadget
- Analysis of the 2021 Verizon Data Breach Report (DBIR) | Daniel Miessler
- 8 things CISOs should be thinking about, but probably aren't | CSO Online
- 1. Ensuring that third-party partners maintain strong security
2. Investigating innovation opportunities
3. Understanding their enterprise's data footprint
4. Strengthening security team support and focus
5. Thinking ahead
6. Maintaining return on existing security investments
7. Finding ways to build enterprise management unity
8. Developing a truly effective method to sharpen threat awareness
- Dark Reading | Security | Protect The Business
- Using SDR to Build a Trunk Tracker - Police, Fire, and EMS Scanner - Black Hills Information Security
- Microsoft Teams released, free for private use | Born's Tech and Windows World
- `
- Threat Modeling | Security Education Companion
- How Not to Bomb Your Offer Negotiation - haseeb qureshi
- Ten Rules for Negotiating a Job Offer - haseeb qureshi
- Right now I’m talking with a few other companies so I can’t speak to the specific details of the offer until I’m done with the process and get closer to making a decision. But I’m sure we’ll be able to find a package that we’re both happy with, be
- Das U-Blog by Prashanth: Manually Creating a Rudimentary Searchable Image Tagging System
- Web App Pen Testing in an Angular Context - Black Hills Information Security
- Japan’s Rikunabi Scandal Shows The Dangers of Privacy Law Loopholes | Electronic Frontier Foundation
- Rikunabi
- Outliving Outrage on the Public Interest Internet: the CDDB Story | Electronic Frontier Foundation
- Surveillance Self-Defense Playlist: Getting to Know Your Phone | Electronic Frontier Foundation
- This guide will help users understand a wide range of topics relevant to mobile privacy, including:
Location Tracking: Encompassing more than just GPS, your phone can be tracked through cellular data and WiFi as well. Find out the various ways your phone identifies your location.
Spying on Mobile Communications: The systems our phone calls were built on were based on a model that didn’t prioritize hiding information. That means targeted surveillance is a risk.
Phone Components and Sensors: Today’s modern phone can contain over four kinds of radio transmitters/receivers, including WiFi, Bluetooth, Cellular, and GPS.
Malware: Malicious software, or malware, can alter your phone in ways that make spying on you much easier.
Pros and Cons of Turning Your Phone Off: Turning your phone off can provide a simple solution to surveillance in certain cases, but can also be correlated with where it was turned off.
Burner Phones: Sometimes portrayed as a tool of criminals, burner phones are also often used by activists and journalists. Know the do's and don’ts of having a “burner.”
Phone Analysis and Seized Phones: When your phone is seized and analyzed by law enforcement, certain patterns and analysis techniques are commonly used to draw conclusions about you and your phone use.
- Alternative Ways To Perform Basic Tasks
- Mental Health Month | Diary of a Network Geek
- Google Online Security Blog: Making the Internet more secure one signed container at a time
- NSA: Connecting OT to the net can lead to "indefensible levels of risk"
- "indefensible levels of risk"
- Reasonable IR Team Expectations – tisiphone.net
- Ransomware Attack Leads to IT Shutdown for Irish Hospitals
- “The real issue with hacks such as the event that impacted Irish Healthcare is patients’ sensitive data and associated records are potentially being exposed and released into the view of unauthorized viewers."
- Groups Call for Alignment of HIPAA Privacy Rule, Other Regs
- Scumbag ransomware attackers hit Irish Health Service • Graham Cluley
- 'No sense' other agencies affected by attack - Ryan
- Cyber-crime: Irish health system targeted twice by hackers - BBC News
- Colonial Pipeline take-away for CISOs: Embrace the mandates | CSO Online
- Cyberinsurance giant AXA hit by ransomware attack after saying it would stop covering ransom payments • Graham Cluley
- DFIR-O365RC - PowerShell Module For Office 365 And Azure AD Log Collection
- Red-Kube - Red Team K8S Adversary Emulation Based On Kubectl
- 5 Question on Cybersecurity — EtherealMind
- Linux 101: What are the Linux systemd equivalents of runlevels? - TechRepublic
- However, systemd takes a much more logical approach to runlevels. Here's how systemd targets track with the old-school runlevels. poweroff.target is shutdown or power off, so it's akin to runlevel 0. rescue.target launches the rescue shell session, so it's like runlevel 1. multi-user.target launches the system in non-GUI, multi-user mode, so it's like run levels 2, 3, and 4. graphical.target launches the system into a GUI, multi-user mode, so it's like runlevel 5.
Finally, reboot.target shuts down or reboots the system, so it's like runlevel 6. Most of your systems will use runlevels 3, 4 or 5, which translates to either multi-user.target or graphical.target.
These targets are defined in the systemd startup scripts in /etc/systemd/system and are generally found in the install section, as in WantedBy=multi-user.target.
And those are the systemd equivalents of sysvinit runlevels. Hopefully, this helps to demystify systemd just a bit for you.
- IT job hunt: 3 tips to get a recruiter's attention | The Enterprisers Project
- 1. Be creative – but personalize your approach
2. Look for opportunities in unexpected places
3. Think and speak as if you already have the job
- NSA, ODNI and CISA Release 5G Analysis Paper — EtherealMind
- Ransomware: Stop Counting on Cyber Insurance | Data Protection Hub
- How to use commands in a search bar in Teams - SharePoint Maven
- El Carro: The Oracle Operator for Kubernetes - Blog dbi services
- Starting with Simple Ansible Playbooks - Blog dbi services
- Chart: Cybersecurity Now a Top Corporate Priority
- Colonial Pipeline shutdown highlights need for better OT cybersecurity practices | CSO Online
- The Cyber Cold War Is Here | The Nation
- Kubernetes configuration patterns, Part 2: Patterns for Kubernetes controllers | Red Hat Developer
- Kubernetes configuration patterns, Part 1: Patterns for Kubernetes primitives | Red Hat Developer
- Why You Should Replace 'ls' With 'exa' Linux Command For Listing Files
- How to benchmark your websites with the open source Apache Bench tool - TechRepublic
- How to set up a hex editor on Kali Linux
- How To Use Linux KVM To Optimize Your Windows 10 Virtual Machine - Front Page Linux
- Soft unbricking Bay- and Cherry-Trail tablets with broken BIOS settings - Hans' hacking log — LiveJournal
- curl -G vs curl -X GET | daniel.haxx.se
- Biden administration, Congress unite in effort to tackle ransomware attacks | TheHill
- Ireland shuts down health IT system after ransomware attack - Japan Today
- Health care institutions have been frequent victims of ransomware attacks. In Los Angeles, Hollywood Presbyterian Medical Center revealed in 2016 it paid $17,000 to hackers to decrypt important data.
- Everything You Need to Know About the New Executive Order on Cybersecurity - Lawfare
- Biden Signs Executive Order on Cybersecurity - Lawfare
- Cyberspace Is Neither Just an Intelligence Contest, nor a Domain of Military Conflict; SolarWinds Shows Us Why It’s Both - Lawfare
- How the U.S. Government Can Learn to See the Future - Lawfare
- Israel’s Version of Moving Fast and Breaking Things: The New Cybersecurity Bill - Lawfare
- Guide to Understanding File Permissions in Linux - Low End Box
- InfoSec Handlers Diary Blog - Ransomware Defenses
- Ireland refuses to pay ransom demand in attack on its national health service - The Verge
- 'We will not be paying any ransom' over cyber attack
- Ireland’s Health Service Executive hit by ransomware attackSecurity Affairs
- Chris's Wiki :: blog/sysadmin/MetricsDownsamplingNotIdeal
- 10 Steps to Cyber Security - NCSC.GOV.UK
- (29) Medical Devices Cybersecurity - YouTube
- Commercial Plumbing: What Business Owners Need to Know – Business
- A Step By Step Guide To Deep Cleaning Without Breaking The Bank | Penniless Parenting
- Shit Just Got Real – The Felder Report
- How to find WWN and WWPN of HBA card in Linux | 2DayGeek
- Doc Searls Weblog · How the cookie poisoned the Web
- Systemd Service Hardening | Linux Journal
- LFCA – Useful Tips for Securing Data and Linux – Part 18
- iOS Forensics: how to perform a logical acquisition with libimobiledevice | Andrea Fortuna
- How to Install RedNotebook 2.12 in Ubuntu 19.10, 18.04 | UbuntuHandbook
- sudo add-apt-repository ppa:rednotebook/stable
sudo apt update
sudo apt install rednotebook
- Insurer AXA halts ransomware crime reimbursement in France
- My keyboard - May 2021 | Hund
- BASHing data: overview
- Rustls: memory safety for TLS [LWN.net]
- New-SelfSignedCertificate: Creating Certificates with PowerShell
- FragAttack: Attack on WLAN devices | Born's Tech and Windows World
- What’s in my desk? — Nathan Baker | Cool Tools
- TuTuShop Under Table Drawer, Hidden Self-Adhesive Pencil Tray Drawer,Under Desk Holder Storage Box, Stationery Pencil Storage Drawer Organizer for Office/School/Kitchen (2 Pack White+Grey)
- Despite Heightened Breach Fears, Incident Response ...
- The 7 Guiding Principles for Developer Engagement – The New Stack
- "As you move forward, remember: start small, start now, and keep at it!"
The Seven Guiding Principles for Developer Engagement
Understanding:
Incorporation:
Coordination:
Participation:
Transparency and authenticity:
Accessibility:
Inclusion:
- kcp: Kubernetes Without Nodes and Why I Care :: rm-rf.ca
- Automating the testing process for SystemTap, Part 2: Test result analysis with Bunsen - Red Hat Developer
- Use knowledge graphs to discover open source package vulnerabilities - Red Hat Developer
- scan multiple log subdirectories for the latest log files and tail them Using cut, ls, sh, tail, tr, xargs
- ls /var/log/* -ld | tr -s " " | cut -d" " -f9 | xargs -i{} sh -c 'echo "\n---{}---\n"; tail -n50 {}/`ls -tr {} | tail -n1`'
- Poor Disk Performance
- The Mosquito and the Hurricane: Jim Whitehurst on the Past, Present, and Future of IBM |
- “Men are only as good as their technical development allows them to be.” –George Orwell
- Mindmap Demystifying the “SVCHOST.EXE” Process and Its Command Line Options - Koen Van Impe - vanimpe.eu
- How To Use Nmap - A Comprehensive Guide: Basics To Advanced
- What is the OSI model?
- Security Incident Leads Scripps Health to Postpone Care
- Chinese Military-Civil Fusion and Section 1260H: Congress Incorporates Defense Contributors - Lawfare
-
- Doc Searls Weblog · A half-century of NPR
- LFCA: Learn Cloud Costs and Budgeting – Part 16
- 4 Linux terminal multiplexers to try | Opensource.com
- Digital transformation: 4 ways to build in security | The Enterprisers Project
- 1. Take a proactive security stance
2. Remove silos and do audits
3. Prioritize executive communication on security
4. Set users up for success
- IT leadership: How to spot a collaboration superstar in interviews | The Enterprisers Project
- 1. How do you provide feedback to a colleague who is struggling or performing poorly?
2. What project are you most proud of?
3. Share an example of a team project that failed
4. How do you influence people who do not report to you?
5. Tell me about a time you had to work with a colleague with whom you didn’t get along
- Do Not Miss These 10 Steps in Application Security Assessment
- 1. Have a Clear Application Security Policy In Line with Your Business
2. Discover and Manage the Assets
3. Controls Analysis
4. Threat Intelligence
5. Scanning the Applications Continuously
6. Penetration Testing
7. Managing False Positives
8. Attack Probability Determination
9. Application Security Risk Assessment
10. Result Documentation
- Terence Luk: Azure Server-side Encryption (SSE) and Azure Disk Encryption (ADE) - Part 2 of 2
- Terence Luk: Azure Server-side Encryption (SSE) and Azure Disk Encryption (ADE) - Part 1 of 2
- Azure Server-side Encryption (SSE) and Azure Disk Encryption (ADE)
- CSI Topology – Configuration How-To – CormacHogan.com
- NVMe Storage Server Project - The Tech Journal
- Comparing VM Encryption performance between ESXi 6.7U3 + vSAN and ESXi 7.0U2 + vSAN | Electric Monk
- How I Passed The #CISSP #vExpert #VCDX @kmcnam1 -
- A first look at vSphere VM Service – CormacHogan.com
- Use the ACME DNS-Challenge to get a TLS certificate - Marco Franssen
- Put your ssh experience in Windows on Steroids - Marco Franssen
- [blog 005]# git commit – techaspire.com.au
- jQuery events contributes to clean Javascript - Marco Franssen
- 5 key qualities of successful CISOs, and how to develop them | CSO Online
- A modern CISO speaks the language of the business
They equally need to understand the mission of their company, articulate how their work supports that mission, provide actionable insights to leadership, and create a security-focused culture throughout their organizations.
A modern CISO is a collaborator
To be effective, cybersecurity needs the support and expertise from other parts of the business, as diverse as IT and communications, internal audit, human resources, marketing and even cultural change programs.”
A modern CISO is emotionally intelligent
Having empathy and understanding about what is worrying them helps here and ensures we are genuinely interested and engaged. This leads to a more positive outcome.”
A modern CISO has strategic focus
Focusing on strategic priorities rather than reacting to inbound information is therefore a common and noteworthy challenge for CISOs today, Papadopoulos adds. “However, I’ve seen terrific CISOs who excel at this in a few ways: through having a concise, documented strategy or shortlist of priorities, by getting top stakeholders to agree and share ownership of the priorities so they become externally driven rather than just the priority of the CISO themselves, and by spending time in peer-to-peer conversations with other CISOs where they can focus on their most important issues rather than reacting to other peoples’ most important issues.”
A modern CISO is tenacious
- Researchers Explore Active Directory Attack Vectors
- This Is the NSA’s 650-Page Guide to the Internet
- When Stretching Layer Two, Separate Your Fate — Ethan Banks
- Cheerleading Mom Is Accused of Creating ‘Deepfakes’ of Teens to Harass, Threaten Them
- Hauppauge WinTV-HVR-950 - LinuxTVWiki
- extract_xc3028.pl
- America Has Been Through An Opioid Crisis Before
- Everything You Need to Know About the Great Semiconductor Shortage
- The Last Time the Suez Canal Was Blocked a Utopian Communist Micronation Was Formed at Sea
- How to Make Your Video Camera Look Amazing - Wahl Network
- How I Use an Elgato Stream Deck for Work - Wahl Network
- Import Into ServiceNow CMDB Via Ansible ServiceNow Collection | Greg Sowell Saves The World
- Why do you need a password to download older patch bundles?
- Tips and tactics of today's cybersecurity threat hunters | CSO Online
- Vulnerability Management: Essential Components
- Amlsec - Automated Security Risk Identification Using AutomationML-based Engineering Data
- OpenEDR - Open EDR Public Repository
- 5G - 101 - Koen Van Impe - vanimpe.eu
- Vulmap - Web Vulnerability Scanning And Verification Tools
- GRecon - Your Google Recon Is Now Automated
- Kenzer - Automated Web Assets Enumeration And Scanning
- Watcher - Open Source Cybersecurity Threat Hunting Platform
- OpenCSPM - Open Cloud Security Posture Management Engine
- MOSINT - OSINT Tool For Emails
- Wynis - Audit Windows Security With Best Practice
- EagleEye - Stalk Your Friends. Find Their Instagram, FB And Twitter Profiles Using Image Recognition And Reverse Image Search
- Aura - Python Source Code Auditing And Static Analysis On A Large Scale
- Sigurlx - A Web Application Attack Surface Mapping Tool
- BigBountyRecon - This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation
- ByteDance-HIDS - A Cloud-Native Host-Based Intrusion Detection Solution Project To Provide Next-Generation Threat Detection And Behavior Audition With Modern Architecture
- Sarenka - OSINT Tool - Data From Services Like Shodan, Censys Etc. In One Place
- Writehat - A Pentest Reporting Tool Written In Python
- Horusec - An Open Source Tool That Improves Identification Of Vulnerabilities In Your Project With Just One Command
- Horusec
- Tips on Enhancing Supply Chain Security - HealthcareInfoSecurity
- Data breaches and cyber attacks quarterly review: Q1 2021
- Ldsview - Offline search tool for LDAP directory dumps in LDIF format
- UAC - Unix-like Artifacts Collector
- Maigret - OSINT Username Checker. Collect A Dossier On A Person By Username From A Huge Number Of Sites
- Watson - Enumerate Missing KBs And Suggest Exploits For Useful Privilege Escalation Vulnerabilities
- SecretScanner - Find Secrets And Passwords In Container Images And File Systems
- KICS - Find Security Vulnerabilities, Compliance Issues, And Infrastructure Misconfigurations Early In The Development Cycle Of Your Infrastructure-As-Code
- OSCP-Exam-Report-Template-Markdown - Markdown Templates For Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP Exam Report
- Server Security Best Practices | ServerWatch
- Windows Privilege Escalation: SeBackupPrivilege
- Active Directory Enumeration: PowerView
- Wireshark for Pentester: Password Sniffing
- Empire for Pentester: Active Directory Enumeration
- Thoughts on writing better documentation | stewart a.
- Introductory Considerations to Cyber Resiliency | Data Protection Hub
- Ransomware Recovery Costs Near $2M
- To better defend digital assets, follow physical security's playbook | CSO Online
- Perform Linux memory forensics with this open source tool | Opensource.com
- Defenseless | University of Virginia School of Engineering and Applied Science
- Simplifying In-Place Upgrade from Oracle Linux 7 to 8 with Leapp | Oracle Linux Blog
- Leapp
- Exa – A Modern Replacement for ls Command
- Encrypting and decrypting files with OpenSSL | Opensource.com
- From URGENT/11 to Frag/44: Analysis of Critical Vulnerabilities in the Windows TCP/IP Stack | Armis
- How to Install Apache Tomcat 9 with Nginx Proxy on Debian 10
- NSA: OT Security Guidance in Wake of SolarWinds Attack
- These include:
Cryptographically protecting all access vectors and logging all access attempts from vendors or any outsourced OT asset support, remote connections, internal access, especially via open, unmanaged networks, and direct physical access.
Disconnecting all remote access connections until there is active monitoring in place.
Creating an OT network map and device settings baseline, and validating all equipment on the network.
Assessing and prioritizing OT network cybersecurity needs to identify required mitigations and then deploying cyber-hardening strategies.
- Active Directory Enumeration: BloodHound
- Homemade Daily Shower Cleaner Spray
- Chris's Wiki :: blog/sysadmin/DNSDynamicUpdatesToUs
- 7 Modern-Day Cybersecurity Realities
- Are the Cloud Apps You Build Really Secure?
Companies Can Shift Left but Still Must Shift Right
WAFs and Gateways Won't Fully Secure APIs
Traditional Patch and Vulnerability Management Tools Won't Secure APIs
Basic Awareness Training Falls Way Short -- Especially For Engineers
Just Buying a New Tool Doesn't Make the Company Secure
Companies Rolling Out IoT Products Don't Always Focus on Security
- An example of ORA-01152: file ... was not restored from a sufficiently old backup - Blog dbi services
- ORA-01152
- How to Find (and Remove) Unlinked GPOS in Active Directory
- 7 Ways Data Governance Can Benefit Your Business – Around the Web
- 1. Rely On Consistent Data
2. Boost Data Quality
3. Access to Complete and Accurate Data
4. Improve Decisions Making Process
5. Enhance Business Planning
6. Boost Financial Performance
7. Increase Business Profits
- In Appreciation: Dan Kaminsky
- Guide: How to Setup Ansible (Ubuntu, RHEL, CentOS, macOS)
- Cost of ransomware more than doubles in a year
- Building Intrusion Detection Honeypots Online Course | Chris Sanders
- Chris's Wiki :: blog/sysadmin/SSHNonAnnoyingMFAQuestion
- 15 open source GitHub projects for security pros | CSO Online
- 1. ELF Parser
2. YARA
3. PageBuster
4. AuditJS
5. Mihari
6. Regexploit
7. Awesome Cobalt Strike Defence
8. Boomerang
9. OWASP Zed Attack Proxy (ZAP)
10. Shadrak
11. Photon
12. Harlogger
13. MozDef
14. Lynis
15. Autopsy / The Sleuth Kit
- Buying cyber insurance in 2021? Expect greater scrutiny, higher premiums | CSO Online
- Ransomware Attack Vectors shift as New Software Vulnerability Exploits Abound
- Profil3r - OSINT Tool That Allows You To Find A Person'S Accounts And Emails + Breached Emails
- The GitOps Journey
- Set-ADUser: How to Change User Properties in Active Directory with PowerShell | Windows OS Hub
- IRTriage - Incident Response Triage - Windows Evidence Collection For Forensic Analysis
- PentestBro - Combines Subdomain Scans, Whois, Port Scanning, Banner Grabbing And Web Enumeration Into One Tool
- Gotestwaf - Go Test WAF Is A Tool To Test Your WAF Detection Capabilities Against Different Types Of Attacks And By-Pass Techniques
- Mapping Your Way To Compliance With Cybersecurity Frameworks | CSO Online
- PCI recommends CIS standards for hardening
The DoD Cloud Computing Security Requirements Guide references CIS Benchmarks as an acceptable alternative to the STIGs and SRGs, Section 5.5.1
The CIS Controls are referenced by the National Governors Association and NIST
FedRAMP lists CIS Benchmarks if U.S. government configuration guidelines aren’t available for a specific platform
- Why senior management needs to make cloud backup a priority
- Columbo - A Computer Forensic Analysis Tool Used To Simplify And Identify Specific Patterns In Compromised Datasets
- ThreatMapper - Identify Vulnerabilities In Running Containers, Images, Hosts And Repositories
- ThreatMapper
- End of Life of Flash? | >_
- Shift Left: From Concept to Practice
- 16 years - A Reflection - CormacHogan.com
- Terence Luk: PowerShell script to remove users in an Active Directory group from all Microsoft Teams' Teams in an organization
- Grassroots Oracle: Kicking the tyres on Oracle APEX 21.1
- Ubuntu: list USB devices
- lsusb > ~/my-usb-devices.txt
sudo dmesg | grep usb > ~/dmesg-usb-info.txt
usb-devices > ~/my-usb-devices-output.txt
- The 8 Best Self-Hosted Proxy Servers | FOSS Linux
- Security Researcher Dan Kaminsky Passes Away | SecurityWeek.Com
- Ping command basics for testing and troubleshooting | Enable Sysadmin
- List of data breaches and cyber attacks in March 2021 – 21 million records breached
- Chris's Wiki :: blog/linux/LocalDNSCacheMaybe
- Organisations turn the tide on ransomware attackers - IT Governance UK Blog
- Without the incentive to negotiate with the attacker, organisations can restore their systems from backups and accept that a data leak is inevitable.
- Fundamentals: Is Switching Latency Relevant? « ipSpace.net blog
- Free Exercise: Build Network Automation Lab « ipSpace.net blog
- 1990s Warnings About Cyber War That Nobody Heard | flyingpenguin
- 3 must-read books on ISO 27001 - IT Governance UK Blog
- Metasploit Tutorial for Beginners
- CrossLinked - LinkedIn Enumeration Tool To Extract Valid Employee Names From An Organization Through Search Engine Scraping
- Working From Home : Here come the hit pieces!
- Vulnerablecode - A Free And Open Vulnerabilities Database And The Packages They Impact And The Tools To Aggregate And Correlate These Vulnerabilities
- Vulnerablecode
- How to test scripting in PowerCLI with vCenter simulator (VCSIM)
- Infosecurity.US - https://infosecurity.us - Dan Kaminsky
- Tscopy - Tool to parse the NTFS $MFT file to locate and copy specific files
- UK organisations have faced 172,000 cyber attacks so far this year
- Updating your data protection documentation following Brexit - IT Governance UK Blog
- Healthcare Risks: Unprotected Databases, 'Shadow IT'
- Second Medical Researcher Sentenced in Hospital IP Theft Case
- Where Is the Safest Place for You to Store Bitcoin? – Around the Web
- Another killer woodpecker - Security Boulevard
- Way back in 1977, a computer scientist from the University of Nebraska coined “Weinberg’s law:”
If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization.
The problem is that since Weinberg made his law, software has become a lot like buildings – an integral part of our civilization which can have serious, even deadly, impacts when it fails. And the woodpeckers have been evolving – getting bigger, smarter, and in some cases state sponsored.
- HashiCorp is the latest victim of Codecov supply-chain attack
- Facebook Breach Means More Munitions for Fraudster ATO attempts | Pindrop
- - CERIAS - Purdue University
- Explaining Threats, Threat Actors, Vulnerabilities, and Risk Using a Real-World Scenario | Daniel Miessler
- Improving the Vulnerability Reporting Process With ...
- [SANS ISC] How Safe Are Your Docker Images? - /dev/random
- The cybersecurity researcher Dan Kaminsky has diedSecurity Affairs
- Artificial Intelligence and Discrimination risks in the healthcare sector
- How to Use Sysbench for Linux Performance Testing? – Linux Hint
- Best Java EE Frameworks| APN News
- (5) 10 BEST Tips & TRICKS with a sample CABLE TIES - YouTube
- (5) Breadboarding tips - YouTube
- Pentesting: What I should have done – DiabloHorn
- The Lawfare Podcast: DHS Leadership Talk Cybersecurity - Lawfare
- The Cyber Regulators Are Coming for the Cloud - Lawfare
- How to build an active-active-active cluster with RHEL 8 and Percona MySQL | Enable Sysadmin
- Why and When to Upgrade Servers | ServerWatch
- LFCA: Learn Basic Network Troubleshooting Tips – Part 12
- How to Install Jupyter Notebook on Ubuntu 20.04 / 18.04 - SpeedySense
- Patching all my environments with the April 2021 Patch Bundles
- 3 Ways to Check Your Wi-Fi Password in Ubuntu | UbuntuHandbook
- Oracle 19c Installation with 19.11.0 RU, OJVM and some other fixes
- How cybercriminals are targeting healthcare organizations [Q&A]
- Starlink is a global ISP built at ZERO COST to SpaceX, enabling NASA's Artemis launch
- SQL Server: Get email notifications for Error Log entries - Blog dbi services
- The Insider’s Guide To Evangelizing Good Design | Scott Berkun
- SOC 2 Attestation Tips for SaaS Companies
- PXE-boot server – Summary – Part 5/5 – Devops
- PXE-boot server – Build your own PE (Preinstallation Environment) – Part 4/5 – Devops
- PXE-boot server – dhcp & tftp server setup – Part 3/5 – Devops
- PXE-boot server – Setup media-share function for OpenMediaVault – Part 2/5 (skippable) – Devops
- The Weight of Light: A Collection of Solar Futures | Center for Science and the Imagination
- Cities of Light: A Collection of Solar Futures | Center for Science and the Imagination
- PXE-boot server – Introduction – Part 1/5 – Devops
- Cybersecurity Awareness Training - Open Source Presentation & Slides - TreeTop Security
- I cannot print or scan via USB on Ubuntu 20.04 or later or on its derivative (Linux) | Brother
- Ubuntu Brother Printer-Scanner Network Setup | Kitson Consulting
- Using a Brother network scanner with Linux · Just a pile of Old Computer Junk
- AutoML – using TPOT « Oralytics
- Hackers stole driver's license numbers from Geico's website | Engadget
- How to Install OpenMAINT on Ubuntu 20.04
- [Howto] Using systemd timers instead of /etc/cron entries – /home/liquidat
- Basics: Backup Lifecycle | Data Protection Hub
- Microsoft unveils its own Java distribution | InfoWorld
- Building a better battery analyzer with Arduino | Arduino Blog
- How to write a cyberthreat report executives can really use | CSO Online
- Consider your audience
The report you write to the CIO is different than the one to the CEO or a board, because you’re dealing with two different levels of knowledge,” says Bruce deGrazia, program chair for cybersecurity management and policy at the University of Maryland Global Campus.
Or they may share their threat reports with board members but only in certain circumstances. “If it’s a high-level threat report, a good proactive CISO will distribute it widely,” says Jon Oltsik, an ESG senior principal analyst, an ESG fellow, and the founder of the firm’s cybersecurity service.
Form, function, and timing
Although there’s no single template for crafting a threat report, “it should look like whatever you think people will read," says deGrazia. "Senior managers get hit with lots and lots of paper, so whatever format it’s in, it has to get their attention.”
Timothy R. Campo, who as director of Applications & Security at (ISC)2 is the senior-most security person in the organization, has aligned his threat reports to the best practices outlined in the NIST 800-53 framework.
Campo also issues cyberthreat reports as urgent issues arise. For example, he distributed a report following news of the SolarWinds hack explaining the lack of risk to (ISC)2. “We had zero threat, but I had to lay it out in a way that was clear,” he says, noting that his report also outlined some proactive steps he decided to take as a result of the SolarWinds breach.
What to include
Threat reports should include information about threats that could exploit vulnerabilities within the organization, how the security team is mitigating vulnerabilities, how its defending against threats and any additional actions that will be taken.
“Executives and the board really care about the things that impact them. That’s the art of writing these reports: The CISO has to know enough to say there are attacks going on but they’re not impacting us but there are other things that could hurt us,” Oltsik explains. “So if I were writing a cyberthreat report, it would be very concise, include what the incident is, who has been affected, what we know about it, whether we’re vulnerable—yes/no—and if yes, what do we need to do to mitigate that risk. And all of that would be [communicated] in business terms.”
- Strong Security Comes in Small Packages | CSO Online
- “Small and midsize businesses tend to be more agile and have the benefit of fewer degrees of separation between business and IT,” says Wolfgang Goerlich, an advisory CISO at Cisco Secure. “That means security professionals have a direct line to understanding business objectives and can ensure security measures stay in lock-step with growth plans.”
Three factors contribute to support for the business and achieving security outcomes:
Sufficient security staff
A secure development approach
IT and security collaboration
“Being able to draw a line from business objectives to security initiatives helps immensely,” says Goerlich. “That means working together collaboratively to eliminate any areas of inefficiency.”
- A Networking Perspective On Zero Trust Architecture (ZTA) — Ethan Banks
- Zero Trust Architecture (ZTA)
- Cypheroth - Automated, Extensible Toolset That Runs Cypher Queries Against Bloodhound's Neo4j Backend And Saves Output To Spreadsheets
- BSidesSF 2020 - Transform Your Presentation Skills - Anne Ricketts and Hilary Spreiter
- Trinity Health Data Breach: What You Need Know – NBC Connecticut
- Cyberattacks on Health Insurers Continue - HealthcareInfoSecurity
- Spraygen - Password List Generator For Password Spraying
- Educating Hospital Board Members on Cybersecurity
- Advice for Combating the 'Next' SolarWinds Attack
- Sish - HTTP(S)/WS(S)/TCP Tunnels To Localhost Using Only SSH
- The Joy of Tech comic... Lesser-known romantic emojii meanings...
- Combating Sleeper Threats With MTTD
- Prepare Your Organization for MFA Compromise | SlashNext
- The Cloud Migration Gotchas.. ~ The Technology chronicle!!!
- Linux Foundation launches free service to verify software authenticity
- sigstore
- List Of System Cleaning Tools For Ubuntu | Itsubuntu.com
- HttpDoom - A Tool For Response-Based Inspection Of Websites Across A Large Amount Of Hosts For Quickly Gaining An Overview Of HTTP-based Attack Surface
- Terence Luk: How to perform Content Search for Microsoft Teams IM messages
- Complement your VDI environment with NSX: dFW. -
- Microsoft Report: Firmware attacks on the rise | Born's Tech and Windows World
- Patchday Review & Issues (April 2021) | Born's Tech and Windows World
- Get better at programming by learning how things work
- Advanced Design VMware vSphere 7.0 Exam (3V0-21.21) Study Links – vcdx133.com
- Notepad++ Backup or Migrate
- Guide To Mastering OpenSCAD Costs Roughly The Same As OpenSCAD | Hackaday
- Dirty Tricks: The Latest in Ransomware Tactics | CSO Online
- How to stay protected
Since ransomware keeps getting dirtier, and harder to detect, consider these best practices to minimize your risk of attack:
Use multi-factor authentication (MFA)
Monitor for the abuse of administrative tools and privileges
Encourage employees to use complex passwords, managed through a password manager
Be mindful of access and give user accounts and administrators only the access rights they need
Patch regularly and stay up to date
- How the Biden Administration Can Make Digital ...
- Remediate Insecure Configurations to Improve Cybersecurity | CSO Online
- Who Invented the Personal Computer? “Apple Was Literally Following Us Around” | flyingpenguin
- Mapping “America First” Revival of the KKK | flyingpenguin
- How to sort and organize files recovered by PhotoRec | Andrea Fortuna
- It’s Time To Get History Accurate About Power in Silicon Valley | flyingpenguin
- Google Online Security Blog: A New Standard for Mobile App Security
- Wireshark For Pentester: A Beginner’s Guide
- Omdia Research Spotlight: XDR
- Extended Detection and Response (XDR) technology is quickly taking the enterprise cybersecurity industry by storm.
To meet Omdia's criteria to be classified as a "comprehensive" XDR solution, a product must offer threat detection and response functionality across three key platforms:
Endpoints (often referred to as Endpoint Detection and Response or EDR)
Networks (often referred to as Network Traffic Analysis or NTA, more recently as Network Detection and Response or NDR)
And cloud computing environments (occasionally referred to as Cloud Detection and Response or CDR).
- The Top 3 Most Common Cloud Attacks and How to Avoid Them | CSO Online
- Misconfigured Storage Buckets
Metadata Service Exploitation Through SSRF
Credential Leakage and Overly Permissive Access
- Federal Reserve Chairman Says Cyber-Risk a Top ...
- How to Create an Incident Response Plan From the ...
- Enable Adobe Flash on Chrome after End of Life - The Tech Journal
- How I Use Home Assistant: Part 4 — Automatically Enable and Disable Sonos Night Mode with Node-RED · vNinja.net
- How I Use Home Assistant: Part 3 — Morning Coffee · vNinja.net
- How I Use Home Assistant: Part 2 — Light Color Changes for Calendar Based Events with Node-RED · vNinja.net
- How I Use Home Assistant: Part 1 — My Setup · vNinja.net
- Download A Portion Of Youtube Video with Youtube-dl And FFmpeg - OSTechNix
- Additional information for your zone configuration. | c0t0d0s0.org
- Tiered storage with ZFS | c0t0d0s0.org
- Increasing ZFS pool sizes | c0t0d0s0.org
- Improved debugging in LDAP tools and nscd | c0t0d0s0.org
- How to use Ansible to configure a reverse proxy | Enable Sysadmin
- How To Install SpiderFoot on Ubuntu 20.04 LTS - idroot
- AWS Certified Developer Associate Exam - Tips to pass! - mwpreston.net
- Resources to prepare for the AZ-140 Configuring and Operating Windows Virtual Desktop on Microsoft Azure exam - ivobeerens.nl
- Ansible Tower/Ansible Control Survey To Template Demo | Greg Sowell Saves The World
- WASI, Bringing WebAssembly Way Beyond Browsers - Linux.com
- Dealing with Difficult Users - RouterFreak
- Securing Workloads and Containers at the Ground Level | Security & Compliance Blog | VMware
- 4 Open Source Tools to Add to Your Security Arsenal
- Doxygen
Z3
LibFuzzer Fuzzing Engine
Gcov Code Coverage Tool
- Chris's Wiki :: blog/linux/ZFSPerDatasetStats
- Refreshed 100TB Production Oracle DB to 10 x Non-Prod DB’s in 20 Mins! | Long White Virtual Clouds
- FBI cleans web shells from hacked Exchange servers in rare active defense move | CSO Online
- Supermicro X9DRi-LN4F+ BIOS Password Bypass | JonKensy.com
- 9DRi-LN4F+ v1.20a
- FREE VMware VCTA Study Guide | ESX Virtualization
- Make your data boss-friendly with this open source tool | Opensource.com
- Security at the Edge: hardware accelerated AI-based cybersecurity with Canonical Ubuntu and the BlueField-2 DPU | Ubuntu
- How to use Ansible to send an email using Gmail | Enable Sysadmin
- Ansible Basics Workshop day @dbi services - Blog dbi services
- Bruce Charlton's Notions: Philip K Dick discussing the (Christian) self limitations of his character Angel Archer who was based-on Ursula Le Guin - from The Exegesis
- Chris's Wiki :: blog/tech/NVMeGettingTermsStraight
- Tips to improve domain password security in Active Directory | CSO Online
- What Bernie Madoff Taught Every Investor | The Motley Fool
- 1. It's easy to follow the bandwagon over the cliff
2. Know what you're investing in
3. Diversify
A road paved with good intentions
- Develop a Linux command-line Tool to Track and Plot Covid-19 Stats | Linux Journal
- How to Test Website Loading Speed in Linux
- curl -s -w 'Testing Website Response Time for :%{url_effective}\n\nLookup Time:\t\t%{time_namelookup}\nConnect Time:\t\t%{time_connect}\nPre-transfer Time:\t%{time_pretransfer}\nStart-transfer Time:\t%{time_starttransfer}\n\nTotal Time:\t\t%{time_total}\n' -o /dev/null http://www.howtoforge.com
- Chris's Wiki :: blog/sysadmin/DMIVendorPeculiarities
- How to review Apache tomcat access logs – Linux Hint
- K8s on Windows/VirtualBox - Blog dbi services
- 2021-02-03 CERIAS - Lessons Learned – Fifty Years of Mistakes in Cybersecurity - YouTube
- Measuring Your Red Team – Jordan Potti – Security Things
- What’s new in vSphere 7.0 Update 2?
- StarWind Free NAS & SAN For VMware vSphere Released | ESX Virtualization
- Owning Your Own Copyrights in Open Source | James Bottomley's random Pages
- Skyline Health Detector | Adventures in a Virtual World
- Setting up UEFI HTTP boot with libvirt | Enable Sysadmin
- Tools for Monitoring Disk Activity in Linux – Linux Hint
- Should firms be more worried about firmware cyber-attacks? - BBC News
- Why MSPs Need to Shift from Cybersecurity to Cyber Resilience | Webroot
- Reducing the Time to Discovery: How to Determine if You Have Been Hacked | Webroot
- How to identify your personal strengths - 80,000 Hours
- Better Active Directory Reporting with PowerShell • The Lonely Administrator
- Linked: Why Introverts Can Be the Best Public Speakers
- Introducing adutil - A tool to ease configuration of AD authentication for SQL on Linux/Containers - Microsoft Tech Community
- Practitioner To Researcher – JerryGamblin.com
- Exploited in the Wild? What Does That Even Mean? – JerryGamblin.com
- Of the 16 announcements by P0, only 6 of them have publicly available proof of concept code and only the Exchange CVEs have been weaponized as far as I can tell. That means a lot of companies have spent a lot of resources rushing emergency patches out to their systems to defend against zero-days that make huge news headlines like these:
- Cybersecurity Training Launched by Cybersecurity Center for State Officials
- The trainees will learn what cybersecurity is, why it is important and how cyberattacks work. They will also find out how to use multi-factor authentication, practice password safety, and regular software patching, encrypt files and messages to protect themselves.
- What Day Had The Most CVEs Published? – JerryGamblin.com
- Biden's Infrastructure Plan: 3 Cybersecurity Provisions
- 1. Electrical Grid Improvements
2. Addressing Supply Chain Issues
3. Research and Development
- Definition of HAR File and Its Importance in Cybersecurity
- HTTP Archive Format
- About Data Encryption Software - And the Dark Side of This Moon
- (16) Linux Essentials - Understanding File & Directory Permissions - YouTube
- Android Triage: a really useful forensic tool by Mattia Epifani | Andrea Fortuna
- 10 Awesome Awk Command Examples – Linux Hint
- “You shouldn’t treat knowledge like it’s a competition” | flyingpenguin
- Comprehensive Guide on ffuf
- Comprehensive Guide to AutoRecon
- FDA's Kevin Fu on Threat Modeling for Medical Devices
- Form Validation in Django – Linux Hint
- Use of Django Request and Response Objects – Linux Hint
- Feds charge man with planning to blow up an Amazon data center | Engadget
- Using Archive.org for OSINT Investigations – We are OSINTCurio.us
- A new headache - ransomware extortionists emailing your customers
- Get FREE threat intelligence on hackers and exploits with the Recorded Future Cyber Daily • Graham Cluley
- Businesses! Beware The Vengeful IT Contractor!
- Average ransomware payouts shoot up 171% to over $300,000
- Ten Minute Tip: Image Geolocation – Part 1 – We are OSINTCurio.us
- A New Approach to Multi-cloud Security | CSO Online
- 1. Common framework
2. Application awareness
3. Integrated architecture
- DNS over HTTPS, DNS over TLS explained: Encrypting DNS traffic | CSO Online
- What if We Made Paying Ransoms Illegal? | Daniel Miessler
- I think making it illegal just means a loss of visibility.
- Wyse 5070 Extended VyOS Router Build : homelab
- The Consumer Authentication Strength Maturity Model (CASMM) v5 | Daniel Miessler
- Ten Minute Tip: Image Geolocation Part 2 – We are OSINTCurio.us
- Google Online Security Blog: Rust in the Android platform
- 9 Modern-Day Best Practices for Log Management
- Detach Logs From Their Device and System Origins
Log at Different Points
Take Cover in the Cloud
Add Images of the Storage Media to the Forensic Data Mix
Don't Shut Down Compromised Machines So Fast
Know Which Info in Log Files Is Useful
Test the Usefulness of Your Logs
Purge Responsibly
Don't Overdo It
- 83% of Businesses Hit With a Firmware Attack in ...
- Security on a Shoestring? More Budget Means More ...
- American Distrust in Press: Deadly 1830s Cancel Culture | flyingpenguin
- Manufacturing Firms Learn Cybersecurity the Hard Way
- The different challenges and viewpoints mean that IT and OT groups should be collaborating on cybersecurity, but only 12% of groups are working together, says William Malik, vice president of infrastructure strategies at Trend Micro.
- Exec Order Could Force Software Vendors to Disclose ...
- The proposal on the table contains several recommendations, including the notification requirements for service providers. Vendors would still be required to preserve digital records for investigating hacks and work with the FBI and the Homeland Security Department's Cybersecurity Infrastructure Security Agency (CISA) when responding to incidents.
Congress has tried unsuccessfully in the past to pass a national data breach notification law.
- [SANS ISC] Simple Powershell Ransomware Creating a 7Z Archive of your Files - /dev/random
- Password Rules | Diary of a Network Geek
- [SANS ISC] Jumping into Shellcode - /dev/random
- KGB Spy in 1961 Used X-Ray to Crack U.S. Top-Secret Lock | flyingpenguin
- Show CPU Details Beautifully in Linux Terminal With CPUFetch - It's FOSS
- Understanding the Linux Virtual Directory Structure - Make Tech Easier
- Questions to ask in a job interview that reveal company culture
- Tell me about a time a team member changed your mind?
Tell me about someone you are proud of.
Do you fully disconnect during holidays and vacations?
Describe a recent success or win.
Tell me about a disagreement or conflict on the team.
How did you start your last team meeting?
What is your ideal person for this role?
Who have you promoted and why?
Tell me about the last person you recognized.
How do you focus on your own growth and development?
- PodSecurityPolicy Deprecation: Past, Present, and Future | Kubernetes
- Ransom Gangs Emailing Victim Customers for Leverage – Krebs on Security
- The U.S. Government Needs to Overhaul Cybersecurity. Here’s How. - Lawfare
- Adopting a zero trust strategy will change how the government views its networks for the better. In the case of SolarWinds, the intruder read and stole credentials, and then used those stolen credentials to leverage and travel through unrestricted communications paths between servers—systems that had never tried to communicate with other servers before, and never should have been able to do so.
- GlobalTrends_2040.pdf - globaltrends_2040.pdf
- 5 obscure but useful Linux commands for sysadmins | Enable Sysadmin
- nmtui
os-prober
shuf
split
watch
- TiddlyWiki | Personal, non-linear, Note Taking Application on Linux – CubicleNate's Techpad
- What is the HEIC File? – Linux Hint
- 7 signs you survived the best era of IT | Enable Sysadmin
- #1 - You used to "burn" DVDs/CDs
#2 - You know what a floppy disk is
#3 - You recognize the sound of a modem
#4 - You witnessed the arrival of the "new Personal Computers"
#5 - You programmed in BASIC on your hobby computer
#6 - You know what a punched card is
#7 - Your first video game was an Atari
Needs to add BBS
- Hardened ROS with 10 year security from Open Robotics and Canonical | Ubuntu
- (15) How to Homelab: Considerations for adding a Domain to your Gear - YouTube
- SQL Server connectivity issue - troubleshoot TLS configuration - Blog dbi services
- Upgrade / Migrate / Consolidate - Oracle Database 19c - doug-perf.pdf
- RFC 8996 - Deprecating TLS 1.0 and TLS 1.1
- SAML Raider Release 1.4.0 – Compass Security Blog
- This World Backup Day, Our Customers Do the Talking - Webroot Blog
- The SolarWinds hack timeline: Who knew what, and when? | CSO Online
- Four Essential SASE Security Must-haves | CSO Online
- SASE must function as part of an integrated security platform
SASE must feature enterprise-grade security
SASE should leverage third-party validated research and services
SASE security should be a part of a holistic security strategy
- Getting a Grip on Basic Cyber Hygiene with the CIS Controls | CSO Online
- An action plan for basic cyber hygiene includes the Safeguards in IG1 and an accompanying campaign, that has the following attributes:
Covers both organizational and personal behavior
Actions are specific and easily scalable
Effect on preventing, detecting, or responding to attacks can be stated
No detailed domain knowledge or execution of a complex risk management process is necessary to get started
Safeguards can be supported with a marketplace of tools for implementation and measurement
Actions provide an “on-ramp” to a more comprehensive security improvement program
- 4 steps to better security hygiene and posture management | CSO Online
- There are several reasons for this:
Cyber-risk management continually increases. In a recent ESG survey, 84% of business, IT, and security managers said that cyber-risk is greater than it was two years ago due to a growing dependence on technology, an increasing attack surface, and a progressively dangerous threat landscape.
Software vulnerabilities are vast and unrelenting. Alarmingly, 70% of IT and security professionals claim that the volume of software vulnerabilities can be overwhelming. This is because it takes lots of time and money to scan for vulnerabilities, understand which vulnerabilities are likely to be exploited, prioritize patches, work with IT operations on patch management, etc. Oh, and we are talking about thousands of software vulnerabilities across the enterprise at all times.
Security hygiene and posture management is a manual slog. Nearly half (46%) of cybersecurity decision makers say that continually monitoring security hygiene and posture across the enterprise is their biggest cyber-risk management challenge. Why? Think of the parable of the blind men and the elephant: Each man touches the elephant in one place, uses this experience to form an opinion of what the elephant looks like, and, no surprise, their descriptions differ wildly. The only way to get a more comprehensive picture is through the sharing of all individual data points. Unfortunately, the tools used for security hygiene and posture management are like the blind men as they look at things like assets, configurations, user privileges, software vulnerabilities, or effectiveness of security controls. CISOs need a team of analysts and spreadsheets to get a complete picture of the security hygiene and posture management elephant. This, too, takes resources and is prone to errors.
The SolarWinds hack introduces even more complexity. Before the SolarWinds hack, 47% of cybersecurity decision makers said that monitoring risks associated with IT vendors was their biggest cyber-risk management challenge. Based on many anecdotal conversations, I'm sure this percentage is a lot higher today. Because of SolarWinds, CISOs are reassessing their IT vendor and third-party risks and plan on more stringent requirements moving forward. This means more oversight that spans from purchasing through testing, deployment, and ongoing operations.
- 5 Fundamentals for Effective Security Design | CSO Online
- Five Fundamentals for Effective Security Design
The approach to network security needs to evolve. Here are five fundamental principles and practices that every organization needs to consider to get in front of and stay ahead of their current security challenges:
A unified security fabric is essential to establish and maintain control over every edge. It must be able to span the distributed and evolving network to detect threats, correlate data, and seamlessly enforce policy. This isn’t about selecting a single vendor, rather about choosing the right vendors. Priority needs to be given to those vendors that leverage application programming interfaces (APIs) and common standards to support interoperability—especially those that allow policy decisions to be made outside of their solution.
Deployed security solutions also need to have access to common datasets across all network edges, endpoints, and clouds, enriched with real-time global and community threat intelligence shared from every area of the organization. This common intelligence framework enables holistic analyses of the state of security and performance, identifies emerging threats, and enables unified response across the organization.
An integrated security framework needs to support and enable advanced data analysis, combined with the ability to automatically create new protections across the full attack cycle when those analytics detect previously unknown threats. This system should also be able to function autonomously within simpler environments and be linked to extended detection and response (XDR), security information and event management (SIEM), and security orchestration, automation, and response (SOAR) solutions for increasingly advanced network operations center (NOC) and security operations center (SOC) environments
This security fabric needs to be able to rapidly launch a coordinated threat response across the entire ecosystem the moment a threat is detected. This breaks the attack sequence before its objectives can be realized. Leveraging machine learning (ML) and artificial intelligence (AI) tied to dynamically generated playbooks makes this possible without introducing slowdowns or human error.
Because change is the only constant in today’s digital world, a security fabric needs to be dynamic, meaning that it must be designed to scale up and out as the network it is securing evolves and adapts. This requires deep integration between security and the network components and functions so organizations can continually innovate and expand networking and operations ecosystems without a lag in protections.
- 10 pioneering women in information security | CSO Online
- Judy Parsons
Mavis Bately
Hedy Lamarr
Renee Guttmann
Donna Dodson
Dr. Dorothy Denning
Rhonda MacLean
Becky (Rebecca) Bace
Dr. Chenxi Wang
Maria Cirino
- Booming dark web gig economy is a rising threat | CSO Online
- Reco - audio recording app designed for elementary OS - LinuxLinks
- Configuring RHEL 8 for compliance with crypto-policy related to Cipher Block Chaining
- FFmpeg 4.4 Released with Hardware Accelerated AV1 Decoding, VDPAU Accelerated HEVC and VP9 Decoding - 9to5Linux
- An introduction to firewalld rules and scenarios | Enable Sysadmin
- How to use FreeRADIUS for SSH authentication - TechRepublic
- Comparing SSH Keys - RSA, DSA, ECDSA, or EdDSA? | Teleport
- Linux Capacity Planning Part -2 - DEV Community
- Linux Capacity Planning Part -1 - DEV Community
- LFCA: How to Monitor Basic System Metrics in Linux – Part 8
- Use Apache Superset for open source business intelligence reporting | Opensource.com
- Librem 5 and Librem 5 USA: What are the Differences? – Purism
- The Librem 5 is $799 while the Librem 5 USA is $1999
- Moving some ZFS filesystems to the ‘trash’ and removing all their snapshots – sanoid – Dan Langille's Other Diary
- Trufflehunter: A New Tool to Sniff Out DNS Usage — RIPE Labs
- ::meta synthax::: Switching to FAI (Fully Automatic Installer) for creating Vagrant Boxes
- 6 OpenSSL command options that every sysadmin should know | Enable Sysadmin
- Ansible Playbook to Install and Setup Apache on Ubuntu
- Servant Leadership and Standing Out | The Networking Nerd
- How to Add External Users to Microsoft 365 for Collaboration | Alexander's Blog
- What Contractors Need to Know About Microsoft Cloud Compliance (Commercial vs. GCC vs. GCC High)
- Ticker Is A Terminal Stock Watcher And Position Tracker (With Cryptocurrency Support) - Linux Uprising Blog
- Show USB Devices Event History Using Usbrip In Linux - OSTechNix
- (16) My Personal Website Will Now Be A Gemini Capsule - YouTube
- Learning Binary Reversing: Radare2 vs. GDB | Hurricane Labs
- How to Install Ansible AWX on Debian 10
- Azure Sentinel Cybersecurity Maturity Model Certification (CMMC) Workbook Redux – Azure Cloud & AI Domain Blog
- So You Want to Hire a CISO? | LinkedIn
- "38% of respondents say CISOs change jobs when they are offered higher compensation packages from other organizations." This answer ties back to my previous point about hiring security leadership; if you don't invest in them, someone else will.
- Detecting At-Risk Software Infrastructure – Community Data Science Collective
- How to Play DVDs on Fedora Linux [Quick Tip] - It's FOSS
- What lies after LTS? Two years of Ubuntu 14.04 in ESM | Ubuntu
- How To Install GNS3 on Ubuntu 20.04 LTS - idroot
- How to Check a Server for TLS Support on Linux
- OpenZFS 2.1-rc1 Released With Distributed Spare RAID "dRAID" - Phoronix
- Creating a backup of data stored in a Linux virtual machine | Enable Sysadmin
- How to Generate Self-Signed SSL Certificates using OpenSSL
- What is a Buffer Overflow Attack – and How to Stop it
- Running the UniFi Network Controller in a Docker Container – Jon's FOSS Blog
- IBM, Red Hat face copyright, antitrust lawsuit from SCO Group successor Xinuos • The Register
- Xinuos
- Windows containers on Kubernetes with MicroK8s | Ubuntu
- ::meta synthax::: Playing with cri-o, a container runtime built for Kubernetes
- 5 tips to help you prepare for technical certification exams | Enable Sysadmin
- 1. Be informed
2. Be prepared
3. Manage your time
4. Understand the environment
5. Use the documentation
- Protect Your Unix and Linux Endpoints From Cyber Attacks
- How to Secure Unix and Linux Endpoints From Cyber Attacks
- How to Protect Windows Endpoints From Cyber Attacks
- How to Secure Windows Endpoints Against Cyber Attacks
- On the road to Jakarta EE 9 with Open Liberty betas – IBM Developer
- 8 steps to developing an Ansible role in Linux | Enable Sysadmin
- Install and review SpiderFoot network penetration testing tool - LateWeb.Info
- Six steps to managing SSH Key Sprawl in multi-cloud operations | Security Info Watch
- SSH keys are commonly used across three primary applications
1. Linux: Most public cloud workloads run on Linux and SSH has emerged as the de facto credential to secure remote access. In terms of security risks, exposing access or credentials over the open internet can make them vulnerable to attackers.
2. DevOps: SSH has become a tether between IT operations and developers, facilitating collaboration and security for automated build and release processes.
3. Remote work: Fully and hybrid remote work models are here to stay. SSH allows users to configure and manage systems from anywhere. Security and risk professionals within the organization must have complete and regular visibility into how SSH keys are being used, by whom and the level of access they grant.
6 step to manage
1. Discover and map keys: The first step in eliminating SSH key sprawl is to discover existing keys within your network and bring them into a centralized repository. Once you have gathered all your keys, you can start to map key-user relationships to better understand what they grant access to. Using a network-based mechanism to discover keys takes the heavy-lifting out of inventory and mapping trust relationships to associated users (private keys), servers and service accounts.
2. Analyze your risk: Once discovered, SSH keys must be thoroughly analyzed for potential vulnerabilities, either in configuration or usage. For instance, you will want to make sure that keys are only configured for root-level access when it is necessary. This phase is all about finding ways to reduce your potential risk exposure and achieve better ‘crypto-hygiene’ for auditability. Look closely for root-level access permissions, forgotten keys, orphaned public keys with no known private key and weak keys with shorter key lengths.
3. Remediate vulnerabilities: Once you have identified your risk exposure, you can take action to reduce it. This is not a one-time effort though – continual monitoring and reporting are essential in identifying new risks as they surface, such as rogue keys created out-of-band. With a complete and accurate inventory of all SSH key pairs, you can start to rotate or replace weak and outdated keys, remove duplicate keys or keys with unnecessary root access, and clean up unused or orphaned keys. If someone leaves the company, you can remove their keys from your servers to keep things clean and secure.
4. Create fresh key pairs and rotate them regularly: The best practice approach is to delete all untracked keys and replace them with freshly generated key pairs. Establish a streamlined process that allows specific authorized users to easily create and deploy keys through a simple, yet controlled workflow. Once new key pairs have been generated, they should be rotated regularly at pre-defined intervals to maintain compliance with internal or external policies and reduce the additional risk exposure that ‘stale’ keys create. Whether key rotation is triggered by the user via UI/API or automatically by the system (forced rotation), the backend process of provisioning new keys and removing the old keys on remote servers should be automated.
5. Control SSH keys and access: Now that you have deployed fresh SSH key pairs to target systems, it is important to define permissions for each key and control who has SSH-based access to which systems. This can only be achieved with a proper SSH key management tool, which allows you to centrally assign or revoke access to SSH hosts based on specific users and groups while orchestrating keys in the backend to facilitate those controls.
6. Continuously monitor: Unknown SSH keys pose a continuous threat to your organization. Achieving 100% control is not possible, but it is possible to stay ahead of threats by regularly conducting audits and continually monitoring your key inventory. It also helps to maintain an ongoing audit log of important events, such as key rotation, generation and provisioning.
- The 7 Best Ways to Batch Rename Files in Linux
- 1. Using the Ubuntu Rename Command
2. Rename Using the Perl Rename Utility
3. Batch Rename Files in Linux With qmv
4. Bulk Rename Linux Files Using Vimv
5. Batch Rename Linux Files With Emacs
6. Rename Multiple Files Using Thunar File Manager
7. Bulk Rename Files Using Smart File Renamer
- Interview With Jim Hall, Founder of FreeDOS - TechRound
- Parenting Tips: How to Communicate With Teenagers | Penniless Parenting
- 1. Remember That You Are Not Only a Parent but Also a Friend to Your Child
2. Understand That Your Child is Growing up
3. Have Dinner Together
4. Arrange Family Gatherings
5. Be an Example
6. Make Agreements
7. Do Not Expel Him to Work Ahead of Time
8. Resolve Сonflicts in Time
- How to Backup/Restore MySQL/MariaDB and PostgreSQL Using 'Automysqlbackup' and 'Autopostgresqlbackup' Tools
- Linux on Oracle Cloud Infrastructure: Networking your cloud made easy with short training videos | Oracle Linux Blog
- (16) DevSecOps Learning - YouTube
- https://docs.oracle.com/cd/E19253-01/819-5461/gbchp/index.html
- How I Beat the Berlin Rental Market With a Python Script
-
- How to Configure FirewallD in RHEL, CentOS and Fedora
- AMD Admits Their Zen 3 CPUs Are Vulnerable To Spectre-STL Attacks - LinuxReviews
- Excellent Utilities: scrcpy - display and control Android devices - LinuxLinks
- Best Linux Backup Software For Desktops And Servers
- Happy Backup Day | IT-Hure
- How to Create a Directory in Ansible – Linux Hint
- Top Tips for Securing Your Linux System in 2021.
- University of California victim of ransomware attack | TheHill
- StreamPi Home Page
- Why Is There a Chip Shortage? Covid-19, Surging Demand Cause Semiconductor Shortfall
- Digital Sign Solution with Screenly on the Raspberry Pi – CubicleNate's Techpad
- LCD Chalkboard Smart Sign, Raspberry Pi Powered – CubicleNate's Techpad
- GitHub - marin-m/SongRec: An open-source Shazam client for Linux, written in Rust.
- Tcpdump cheat sheet with examples
- Automating Linux patching with Ansible - Blog dbi services
- What Is a Cybersecurity Legal Practice? - Lawfare
- Failures Plague SSDs – The SSD Guy
- t
- Origami Maths – Face Graph of a Hypercube | Tinkerings
- The internet has become a tool for authoritarian repression | Engadget
- 5 everyday sysadmin tasks to automate with Ansible | Opensource.com
- Install a Multi-Master Kubernetes Cluster with Ansible | Lisenet.com :: Linux | Security | Networking
- Getting bytes to disk more quickly — 2021 — Blog — GNU Guix
- Running Oracle Linux in public clouds | Oracle Linux Blog
- https://docs.oracle.com/cd/E19253-01/819-5461/gammt/index.html
- Pack A Dryer Sheet In Your Luggage So Clothes Smell Fresh Upon Arrival - foXnoMad
- Evidence-Based Doomsday Prepping and Personal Finance — My Money Blog
- Enterprise Cybersecurity Measurement - Lawfare
- New wave of ‘hacktivism’ adds twist to cybersecurity woes - Japan Today
- VUW Accidentally Wipes Desktop Computers | News | Critic Te Arohi
- What is cloud native? | Ubuntu
- (6) Creating A Dmenu Script For Web Bookmarks And History - YouTube
- How to Install Tomcat 10 on Debian 10 – TecAdmin
- How I do my Computing — bandali
- bandali's personal site
- Who’s on First? Understanding Architecture Roles, Pt 1 | by Diana Kelley, SecurityCurve | Mar, 2021 | Medium
- Vulnerability Scanning Requirements for Containers - Vulnerability_Scanning_Requirements_for_Containers.pdf
- Why do we call these “DuPont” connectors? – Matt's Tech Pages
- Raising Security Awareness in Your Organization
- History of ZFS – Part 1: The Birth of ZFS | Klara Inc.
- Best Free and Open Source Intrusion Prevention for SSH - LinuxLinks
- fail2ban
denyhosts
- Acer reportedly hit by $50 million ransomware attack | Engadget
- curl is 23 years old today | daniel.haxx.se
- NIST’s Ron Ross: ‘The Adversary Lives in the Cracks’
- How the adversaries "live in the cracks";
The urgency to change defensive strategies and tactics;
How to approach systems security engineering going forward.
- PACS Flaws Put Data at Risk for 18 Months - HealthcareInfoSecurity
- Surgeries Are Being Cancelled Across Melbourne Due to a Cyber 'Incident'
- How to Buy an Ethical Digital Assistant in the Era of Listening Devices | OneZero
- Privacy Legislation Progresses in 5 More States
- Texas Medical Center Breach Affects 640,000 - HealthcareInfoSecurity
- Enable Adobe Flash support for the VMware Horizon Administrator console - ivobeerens.nl
- Deploying Encrypted Images for Confidential Computing | James Bottomley's random Pages
- Orca’s “State of Public Cloud Security” report reveals how most cloud security breaches happen • Graham Cluley
- These free tools from Recorded Future can make you a security intelligence expert • Graham Cluley
- Active Directory Pentesting: Lab Setup
- Comprehensive Guide on Autopsy Tool (Windows)
- Comprehensive Guide on Dirsearch (Part 2)
- Comprehensive Guide on Dirsearch
- Burp Suite for Pentester – Fuzzing with Intruder (Part 3)
- Burp Suite for Pentester – Fuzzing with Intruder (Part 2)
- Burp Suite for Pentester – Fuzzing with Intruder (Part 1)
- GitHub - upmc-enterprises/ATNA2FHIR: ATNA (DICOM) AuditMessage to FHIR AuditEvent converter
- Comprehensive Guide on FTK Imager
- pfSense Firewall Configuration Audit with pfAudit - /dev/random
- A Quick Introduction To fzf (Interactive Command-Line Fuzzy Finder) - Linux Uprising Blog
- Backup with these DeDuplicating Encryption Tools - LinuxLinks
- Who Pays The Price of Redundancy? | The Networking Nerd
- Linux perf-top basics: understand the % - Blog dbi services
- Oracle Database Appliance: ODA patch 19.10 is out - Blog dbi services
- PowerShell Forensics (from my session at Microsoft Ignite)
- How Raising the Minimum Wage Can Accelerate Human Job Loss to Automation | Daniel Miessler
- What Stevie Ray Vaughan Can Teach Us About Security Design | Techdirt
- Visualize multi-threaded Python programs with an open source tool | Opensource.com
- Cybersecurity
- The root password for this server is...
- Goodbye KMail, Hello Thunderbird
- Japan’s KAI Industries Has Developed the World’s First Disposable Paper Razor - Spoon & Tamago
- Third French hospital hit by cyberattack
- How I stand working with Windows VMs
- ZenTao: an open-source project management system for coders
- Why Compliance Is No Longer King for Financial ...
- Avoiding a 1984-Like Future
- We must not simply trust technology to be safe. Technology providers and users should agree on severe security practices, and these standards must be implemented wherever data goes.
- SASE 101: Why All the Buzz?
- 1. They must own their network or contract with a substantial telecom network. They are delivering services over a network, which must, therefore, be rock-solid.
2. They must be a player in the software-defined wide area network (SD-WAN) world. SD-WAN makes it easier than traditional networking approaches to administer traffic across a network and provides a better user experience.
3. They must have network security chops, including expertise in intrusion detection, firewalls, content filtering, and secure web gateways. Those capabilities are necessary for offering security to branch offices.
4. They must adhere to a zero-trust concept: Never trust, always verify. No network user gets access to an application without verification.
- Why Do Windows Drive Letters Start With ‘C’? Why Not A Or B?
- vmadm: helping me manage my local libvirt VMs
- Devastating chip shortages could hit smartphones soon, too | PCWorld
- Build a router with mobile connectivity using Raspberry Pi | Opensource.com
- Preventing CSRF Attacks | Teleport
- Remotely monitor freezer temperatures with Raspberry Pi - Raspberry Pi
- Why Vulnerable Code Is Shipped Knowingly
- Often lost in the chaos of this cultural shift to a "need for speed" SDLC approach is the misalignment between DevOps and security practitioners' goals. Both teams must strive to balance their respective goals: getting new features out the door and minimizing software risk. We know this misalignment contributes to vulnerable code being shipped more often than it should be, but what most people don't realize is that this is happening knowingly, and quite often.
- Rancher, up and running, on EC2 - 1 - One node - Blog dbi services
- Standardized Personal Finance Advice: Reddit Flowchart Version — My Money Blog
- GHSL-2020-048: Remote Code Execution in Apache Velocity - CVE-2020-13936 - GitHub Security Lab
- 7 Cool Cyberattack and Audit Tools to be ...
- Threagile
Git Wild Hunt
Mr.SIP
Strafer - Elasticsearch
O365Squatting
AttackForge
Cotopaxi - run DICOM through it?
- OPNsense set up and configure DNS Over TLS (DoT)
- The inventor of the cassette tape has died | Engadget
- Using Nmap results to help harden Linux systems | Enable Sysadmin
- Alpine Linux Review: Ultimate Distro for Power Users | FOSS Linux
- US-CERT Reports 17,447 Vulnerabilities Recorded in 2020
- US-CERT Reports 17,447 Vulnerabilities Recorded in 2020
This marks the fourth year in a row that a record number of vulnerabilities has been discovered, following 17,306 in 2019.
- Realistic Patch Management Tips, Post-SolarWinds
- Curtis Franklin, senior analyst of enterprise security management at Omdia, says companies must have patch management technology to help automate the process now, "because it's gotten really beyond human-scale at this point."
- Summary: The Pentester's BluePrint | Daniel Miessler
- 30 Books That I Will Re-Read For The Rest of My Life | Daniel Miessler
- Safely Disposing of the Needle in the Haystack: Managing the Cyber Risks of Healthcare IoT ~ Cyber Thoughts
- During the early months of the Covid-19 outbreak, healthcare professionals were overworked and under-supplied. Governments were in chaos and squabbling over even the simplest of safety measures. Frontline facilities overflowed with terrified patients.
A nurse adjusts a face mask she’s been wearing for days. The message “smile for me” that she scribbled on in marker, is now as faded and hollow in message, as she feels in her ability to help the sick. She leans against a wall and checks her phone, hoping for a message from her family. She’s too afraid to go home in case she spreads the disease to her children, so she sleeps in the staff break room, along with her colleagues. Text messages are the only tether she has to hope.
An email pops into her mailbox. The subject line reads: “ALL STAFF: CORONAVIRUS AWARENESS”. The message notifies all medical personnel of facility wide online seminars to discuss new treatment measures and safety requirements. Exhausted, she clicks the link and registers for a seminar and thinks nothing more of another pointless bureaucratic task completed.
In the hours that follow, criminals use her credentials to access patient record systems, medical imaging suites and even internet-connected patient telemetry and treatment devices. By morning, every system critical to patient care is locked down with ransomware. The hospital is rendered useless. As administrators work to relocate patients to equally overloaded hospitals, medical staff resort to 1950’s paper-and-pen communication methods, slowing patient care by minutes and even hours. Those lost ticks of the clock, cost the lives of several patients with pre-existing heart conditions. This has actually happened in a hospital shuttered after a coronavirus-themed attack.
- Ryuk: Protecting Clinical Engineering from Ransomware Attack ~ Cyber Thoughts
- How Employee Training Influences Corporate Culture – Business
- 3 Tips For Successfully Running Tech Outside the IT ...
- Oversight
Make Marketing Part of Incident Response
Enable a Security Mentality in Marketing
- How to Avoid Getting Killed by Ransomware
- Step 1: Payload Delivery
Step 2: Establish Command and Control
Step 3: Discover and Spread
Step 4: Encrypt and Extort
- Living Frugally in 2021 – BeingFrugal.net
- 5 reasons why the cost of ransomware attacks is rising | CSO Online
- 1. Downtime costs
2. Costs associated with double extortion
3. IT upgrade costs
4. Increased costs from paying a ransom
5. Cost of reputational damage
- Unbreak My Heart | What I Learned for Building Better Medical Devices While Troubleshooting My Pacemaker | Veronica Schmitt
- Automate disabling of IPMI over LAN access on HPE iLO | rudimartinsen.com
- What’s The Deal With Snap Packages? | Hackaday
- The Tool to Help Track and Manage Your Cybersecurity Program | CSO Online
- The State of Healthcare Cybersecurity During Covid-19 | CSO Online
- CyberRatings.org - Unbiased ratings for cybersecurity technologies
- Medical Imaging Leaks Highlight Unhealthy Security ...
- How to Better Secure Your Microsoft 365 Environment
- Kia Denies Ransomware Attack as IT Outage Continues
- Learn SAML: The Language You Don't Know You're ...
- Learn SAML: The Language You Don't Know You're ...
- How to Create a Security-first Mindset | CSO Online
- Align security with business objectives and outcomes.
Forget short-term ROI metrics.
Set the tone at the top.
Continuously assess risk.
Create a shared responsibility model for employees.
- 33 hardware and firmware vulnerabilities: A guide to the threats | CSO Online
- CPU side-channel attacks
Spectre variant 1 - CVE-2017-5753
Spectre variant 2 - CVE-2017-5715
Meltdown variant 3 - CVE-2017-5754 - Rogue Data Cache Load (RDCL)
Meltdown-GP - CVE-2018-3640 - Rogue System Register Read (RSRE)
Meltdown-NM - CVE-2018-3665 - LazyFP
Spectre-NG - CVE-2018-3639 - Speculative Store Bypass (SSB)
Spectre-PHT - CVE-2018-3693
Meltdown-RW
Foreshadow-OS - CVE-2018-3620 - L1 Terminal Fault
Foreshadow-VMM - CVE-2018-3646
Foreshadow-SGX - CVE-2018-3615
Meltdown-PK and Meltdown-BND -(Protection Key Bypass) and (Bounds Check Bypass)
Spectre-PHT-CA-OP, Spectre-PHT-CA-IP and Spectre-PHT-SA-OP - Pattern History Table (PHT)
Spectre-BTB-SA-IP and Spectre-BTB-SA-OP -Branch Target Buffer (BTB)
Fallout - CVE-2018-12126 - Microarchitectural store buffer data sampling (MSBDS). part of a new class of side-channel attacks against CPUs that Intel calls Microarchitectural Data Sampling (MDS)
RIDL - CVE-2018-12127 and CVE-2018-12130 - microarchitectural load port data sampling (MLPDS) and microarchitectural fill buffer data sampling (MFBDS).
Zombieload - CVE-2019-11091 - microarchitectural data sampling uncacheable memory (MDSUM).
Starbleed - impacts FPGA
PLATYPUS - side-channel attack that abuses the running average power limit (RAPL) interface that's used to measure power consumption in CPU cores and is present in all Intel CPUs developed since 2011
DRAM memory Rowhammer attacks
Rowhammer - physical effect with security implications that occurs inside SDRAM chips when the same physical row of memory cells is read for a large number of times in rapid succession -- an action dubbed hammering.
Rowhammer.js - Rowhammer attack via JavaScript
Drammer - CVE-2016-6728 - Rowhammer-type exploit demonstrated in 2016 against Android devices.
Flip Feng Shui - Rowhammer attack against virtual machines, where a malicious guest VM can flip bits in the physical memory affecting a different virtual machine in a controlled manner.
ECCploit - demonstrates that Rowhammer-type attacks can work even against SDRAM chips that have error-correcting code (ECC) capabilities
Throwhammer - A Rowhammer attack that can be exploited over a network by leveraging the remote direct memory access (RDMA) feature
RAMBleed - first attack that has shown it is possible to use the Rowhammer effect to steal data from memory cells instead of simply modifying it.
Wide-impact firmware vulnerabilities
BlueBorne - A set of vulnerabilities announced in 2017 in the Bluetooth stack implementations of Linux, Android, Windows and macOS.
KRACK - Key Reinstallation Attack, is an attack revealed in 2016 that exploited a weakness in the WPA2 wireless security standard
BadUSB - allows reprogramming the microcontrollers in USB thumb drives in order to make them spoof other types of devices such as keyboards and used them to take control of computers or to exfiltrate data.
Thunderstrike and Thunderstrike 2 - exploited vulnerabilities in the firmware of Apple's Macbook devices
Thunderclap - execute privileged code on computers equipped with Thunderbolt ports.
ROCA - The Return of Coppersmith’s Attack (ROCA) is an attack against the Trusted Platform Modules (TPMs) and Secure Elements (SEs) produced by Infineon Technologies.
Intel Management Engine - Intel ME runs its own lightweight operating system which is completely separate from the user-installed operating system, which is why it has often been described as a backdoor in the security community.
- 6 board of directors security concerns every CISO should be prepared to address | CSO Online
- 1. Cyber accountability
2. Security status during COVID-19 and beyond
3. Security strategy
4. Benchmarking against industry best practices
5. Resilience to cyberattacks
6. Continuous compliance
- 26 Cyberspace Solarium Commission recommendations likely to become law with NDAA passage | CSO Online
- The Sarbanes-Oxley Act explained: Definition, purpose, and provisions | CSO Online
-
Section 302: Public companies need to file regular reports with the Security and Exchange Commission. Top executives must personally vouch for the information contained in these reports and are responsible for establishing internal controls of data.
Section 404: Annual financial reports must include a section on those internal controls assessing their effectiveness; any shortcomings discovered in those controls must be disclosed. Registered external auditors must vouch for management's assessment of the internal controls.
Section 409: Any material changes in the financial conditions or operations of the company must be disclosed to the public in a timely manner.
Sections 802 and 906: These are the sections that deal with penalties. We'll get into the details later in the article, but they forbid altering documents in a bid to impede an investigation and also make it illegal for anyone to certify a misleading or fraudulent financial report.
- Gigabit Wireless - WiFi 6 - UniFi 6-LR | b3n.org
- Exchange Hack News – Test tools from Microsoft and others | Born's Tech and Windows World
- Top 7 security mistakes when migrating to cloud-based apps | CSO Online
- 1. Using VPN for remote access
2. Setting up the wrong cloud portfolio
3. Your security posture isn't appropriate for the cloud
4. Not testing disaster recovery plans
5. Not optimizing authentication for a cloud-majority portfolio
6. An out-of-date Active Directory
7. Failing to seek help
- SystemRescue 8.00 Released with Linux 5.10 LTS, Xfce 4.16, and Improved exFAT Support - 9to5Linux
- How to reboot a broken or outdated security strategy | CSO Online
- CISSP certification guide: Requirements, training, and cost | CSO Online
- Windows 10: Enable built-in process/DLL logging | Born's Tech and Windows World
- Chris's Wiki :: blog/solaris/ZFSDedupTodayNotes
- Some useful tips about /dev/tcp | Andrea Fortuna
- 2020 Books on Data Science and Machine Learning « Oralytics
- Azure IO Performance for the RDBMS DBA- Part I
- JBoss EAP 7 – Domain Configuration - Blog dbi services
- AutoUpgrade One-liner – Databases Are Fun
- How to Stop Hardcoding Your TDE Keystore Password – Databases Are Fun
- Erman Arslan's Oracle Blog: OBIEE - Security Configurations & Custom SSO using a http Header or Cookie
- MOS 1489438.1
- Erman Arslan's Oracle Blog: OBIEE - Standalone HTTP Server configuration with OBIEE + Compression + Caching the response data
- Payroll/HR Giant PrismHR Hit by Ransomware? — Krebs on Security
- How SolarWinds Busted Up Our Assumptions About Code ...
- EPIC - Virginia Governor Signs Consumer Data Protection Act
- The Ultimate Guide to Secure, Harden and Improve Performance of Nginx Web Server
- 3 Metrics Every CISO Needs to Reduce Risk – and Build Budget | CSO Online
- Visibility
Start by determining how many log sources you own; then, measure how many of those sources are actually logging. After you determine how much of your environment you can see, you can then measure your detection content coverage mapped to industry frameworks such as MITRE ATT&CK® to understand how much visibility you have into known attack techniques.
Tool Efficacy
Measure how well your tools are working by looking at metrics around the number of issues or outages within a tool.
Team Performance
Look at metrics like false positive rate, anomalous safe rate, and true positive rate to determine where your team is spending the majority of their time and how well they understand your environment.
Security Automation to increase Team Performance.
- Hitting the Books: Elon Musk and the quest to build a better rocket engine | Engadget
- Jeff Bezos' basic philosophy of Gradatim ferociter, Latin for “Step-by-step, ferociously.”
“The good news is that I learned everything that can go wrong with turbopumps, and really how to fix them.” - Tom Mueller
- Biden administration brings expertise, new attitude to cybersecurity | CSO Online
- The most important cybersecurity topics for business executives | CSO Online
- Data privacy. Data privacy topped the list at 35%, and this makes sense given regulations like GDPR and CCPA.
Current cyberthreats. Nearly one-third (32%) of business and cybersecurity executives believe that executives want to know about current cyberthreats, and it is worth noting that this research was conducted before the SolarWinds hack.
Cybersecurity culture and training. This was a priority for 29% of organizations, but that doesn’t tell the whole story.
- 3 ways to speak the board's language around cyber risk | CSO Online
- “Presenting a full slate of risk scenarios to the board is not beneficial until the scenarios are ordered and prioritized using quantitative measurement that is in a familiar format for executives. The members of board committees are adept at managing financial measurements. The more a risk-management measurement resembles the financial statements and income projections that the board typically sees, the easier it is for board members to manage cybersecurity risk.”
- USB Image Tool for Windows easily backs up and restores your complete VMware ESXi hypervisor on USB or SD flash drives, a simple/free clone for peace of mind before patching or upgrading | TinkerTry IT @ Home
- KVM: Implementing linked clones with a backing file – Fabian Lee : Software Architect
- What is the HITECH Act? Definition, compliance, and violations | CSO Online
- SolarWinds: "IT's Pearl Harbor." | InsiderPro
- Virginia data protection bill signed into law | CSO Online
- New York issues cyber insurance framework as ransomware, SolarWinds costs mount | CSO Online
- CompuCom MSP hit by DarkSide ransomware cyberattack
- Linux Sponge - Soak Up Standard Input and Write to a File - Putorius
- 6 Ways to check user information in Linux | 2DayGeek
- Introduction to database normalization: the first three normal forms - LinuxConfig.org
- 7 Useful Tips for Self-hosting a Ghost Blog With Docker
- Ryuk ransomware develops worm-like capabilities, France warns
- Understanding the Impact of Enabling Guest Access in Microsoft Teams | Alexander's Blog
- Now-fixed Linux kernel vulnerabilities enabled local privilege escalation (CVE-2021-26708) - Help Net Security
- CVE-2021-26708
- How I Built a Web Scraper with Beautiful Soup and Used it to Land My First Job
- Red Hat Enterprise Linux 8.1 achieves Common Criteria Certification - Help Net Security
- How to perform a digital forensic analysis using only free tools | Andrea Fortuna
- Zero Day Initiative — CVE-2020-3992 & CVE-2021-21974: Pre-Auth Remote Code Execution in VMware ESXi
- Remember Why – Joseph Griffiths
- Public entities care about three things:
Revenue – Total money they take in (keeping / increasing)
Profit – Money they keep after all expenses (keeping / increasing)
Risk – Things that will impact their ability to make revenue or profit (reducing / neutralizing)
- Using PowerCLI Image Builder CLI to build a new ESXi 7.0U1c image | Electric Monk
- CyManII
- Cybersecurity in 2021 Depends on These 6 Skills | CQURE Academy
- Azure Active Directory Security
PKI and Infrastructure Configuration Mistakes
Forensic Analysis and Data Log Extraction
Advanced Malware Analysis
Effective Whitelisting in 2020 (and Effective Code Execution Prevention)
Secure and Automated Infrastructure Management
- Windows registry Transaction Logs in forensic analysis | Andrea Fortuna
- Leading Experts - Adam Caudill
- Q3 Ransomware Demands rise: Maze Sunsets & Ryuk Returns
- Bill Sempf | The Trouble With Teaching Secure Coding
- A Practical Introduction to Container Security
- Full Cycle Teams in a FDA regulated setting | Bob on Medical Device Software
- SolarWinds’s Security Practices Questioned by Lawmakers - Bloomberg
- Oracle Database 21c New Security Features | Integrigy
- WebLogic Vulnerabilities - PeopleSoft Impact (CVE-2020-14882 and CVE-2020-14750) | Integrigy
- CVE-2020-14882 and CVE-2020-14750
- My Certified Kubernetes Administrator (CKA) Exam Experience - mwpreston.net
- Details on the New Desk Layout - Scott's Weblog - The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking
- Oracle Database Upgrades : One Size Does Not Fit All
- A layered approach to product design | The ORACLE-BASE Blog
- Vulristics: Beyond Microsoft Patch Tuesdays, Analyzing Arbitrary CVEs | Alexander V. Leonov
- Everything You Wanted to Know About Social Engineering - but didn’t know who to ask | CQURE Academy
- OWASP ASST (Automated Software Security Toolkit) - A Novel Open Source Web Security Scanner
- What the AT&T Breakup Teaches Us About a Big Tech Breakup | Electronic Frontier Foundation
- Errata Security: We are living in 1984 (ETERNALBLUE)
- "When the lie passes into history, it becomes the truth"
- Healthcare Exchange Standards: COVID-19 Immunization Summary Document - use-case analysis
- Fake-Sms - A Simple Command Line Tool Using Which You Can Skip Phone Number Based SMS Verification By Using A Temporary Phone Number That Acts Like A Proxy
- List of data breaches and cyber attacks in February 2021 – 2.3 billion records breached - IT Governance UK Blog
- Threatspec - Continuous Threat Modeling, Through Code
- 4 Ways Health Centers Can Stop the Spread of ...
- 1. Harden your foundation.
2. Compartmentalize your environment.
3. Filter your flow.
4. Authenticate, authenticate, authenticate.
- 6 best tools to monitor disk IO performance in Linux | 2DayGeek
- iotop
iostat
vmstat
atop
dstat
ioping
- The power of low expectations
- Review: The New weLees Visual LVM, a new style of LVM management, has been released | Linux Journal
- Using the Python Rich library to display status indicators | Open-Source Routing and Network Simulation
-
- Get a TLS certificate for your onion service
- Tips for using tmux | Enable Sysadmin
- The many lies about reducing complexity part 2: Cloud – R&A Enterprise Architecture
- MUST READ: Fast and Simple Disaster Recovery Solution « ipSpace.net blog
- How Ansible Configuration Parsing Made Me Pull My Hair Out « ipSpace.net blog
- Build Your Virtual Lab Faster with My Network Simulation Tools « ipSpace.net blog
- How long does it take to redeploy an ODA X8-2M? - Blog dbi services
- JENKINS Quick overview on Jenkins and Jenkins X - Blog dbi services
- How to quickly download the new bunch of 21c Oracle Database documentation? - Blog dbi services
- Oracle 21c Security : ORA_STIG_PROFILE and ORA_CIS_PROFILE - Blog dbi services
- A typical ODA project (and why I love Oracle Database Appliance) - Blog dbi services
- Validate your SQL Server infrastructure with dbachecks - Blog dbi services
- NTP is not working for ODA new deployment (reimage) in version 19.8? - Blog dbi services
- How to configure additional listeners on ODA - Blog dbi services
- What security does a default OpenBSD installation offer? (by solene@)
- Berkshire Hathaway 2020 Annual Letter by Warren Buffett — My Money Blog
- How I cut GTA Online loading times by 70%
- Charlie Munger Daily Journal Annual Meeting 2021 Full Video, Full Transcript, and Highlights — My Money Blog
- Build a home thermostat with a Raspberry Pi | Opensource.com
- 15 ways to leave your cloud provider | Tech Exec
- Notes on Addressing Supply Chain Vulnerabilities - The Mozilla Blog
- How to Install and Use GVM Vulnerability Scanner on Ubuntu 20.04
- Response: FrizN – Linux kernel – The curious case of CVE-2020-14381 — EtherealMind
- Chris's Wiki :: blog/sysadmin/SubdomainsAndDNSZones
- An Exploration of JSON Interoperability Vulnerabilities
- 3 Excellent Free Books to Learn about ClojureScript - LinuxLinks
- How to check memory utilization in Linux - nixCraft
- 2020 sees ransomware increase by over 400 percent
- Test, test and test some more: The importance of disaster recovery testing
- Digital forensics is the best offense and defense for cyber attacks
- Online vs offline: How COVID-19 has forced the world to go digital
- 5 ways to talk about cybersecurity with anyone
- Cloud misconfigurations take an average 25 days to fix
- Sysadmin university: Quick and dirty Linux tricks | Enable Sysadmin
- How I became a Kubernetes maintainer in 4 hours a week | Opensource.com
- Advancing the organization towards hyper versatility and perpetual innovation
- AIREX Manufacturing Energy Efficiency Products
- Building a Cybersecurity Strategy
- Six Key Cybersecurity Engineering Activities for Building a Cybersecurity Strategy
- 5 tips for choosing an Ansible collection that's right for you | Opensource.com
- Gab data breach may include 70GB of data on 15,000 users | Engadget
- Attackers collaborate to exploit CVE-2021-21972 and CVE-2021-21973 - Blueliv
- 2020’s Tax Burden by State
- 10 Useful Websites for Learning PostgreSQL Database System
- Microsoft to cut perpetual Office support by 50%, raise price by 10% | Computerworld
- Reducing support for Office LTSC and 2021 to five years makes the software less attractive in any comparison with Office 365/Microsoft 365. Perpetual licensing's biggest advantage over subscriptions is cost, but that advantage relies on the customer upgrading relatively infrequently. By offering an upgrade every three years and limiting support to five years, Microsoft has forced customers who want or need perpetual licensing to deploy every version. There's no way to skip an upgrade because there's no overlap in support for versions n and n+2.
- The Raspberry PI Cheat Sheet – Raspberry PI User
- ISO 8601: the better date format | Blog | Kirby Kevinson
- Gaming Rack Design and Construction – CubicleNate's Techpad
- Privileged access is the Achilles heel of enterprise security
- While 83 percent of enterprises give privileged access to third party organisations or contractors, with 31 percent frequently giving privileged access to third parties, 11 percent take at least a month to remove access once an employee or contractor leaves the organization.
- 7 essential cyber security tips for small businesses
- Adopt Smart Password Protocols
Use Layered Security To Your Advantage
Make Sure All Employees Are Properly Trained
Backup All Your Data
Use Firewalls And Encryption
Have Employees Protect Personal Devices
Always Be Prepared For An Attack
- Millions of medical images openly available online
- Building an agile IT budget
- The importance of TLS/SSL decryption in a zero-trust model
- Solaris 11.4 and user_reserve_hint_pct | c0t0d0s0.org
- I caused the guy who created Bitcoin to go into hiding -- by accident
- How cybercrime has adapted to the pandemic
- How To Find Number Of CPU Cores From Commandline In Linux
- 3 solid self-review tips for sysadmins | Enable Sysadmin
- Starting LaTeX on Ubuntu with the User Friendly Gummi
- Friction Finders | The Networking Nerd
- 6 resources and 3 tips to help you enter the world of Linux containers | Enable Sysadmin
- Korean Style Roasted Fennel and Sweet Potatoes Recipe | Penniless Parenting
- Releasing Windows 10 Build 19042.844 (20H2) to Beta and Release Preview Channels | Windows Insider Blog
- Why not rely on app developer to handle security? – Michał Górny
- SQL Assessment API
- Step by Step Guide to Setup LDAPS on Windows Server - Microsoft Tech Community
- SQL Injection | Impact of SQL Injection | - Dot Net Guide
- Intro into security principles in the context of database systems - Microsoft Tech Community
- Introducing adutil - A tool to ease configuration of AD authentication for SQL on Linux/Containers - Microsoft Tech Community
- Pi-KVM: an inexpensive KVM over IP - briancmoses.com
- Assessments | Microsoft Docs
- That grumpy BSD guy: RFC7505 Means Yes, Your Domain Can Refuse to Handle Mail. Please Leave Us a TXT If You Do.
- Oracle Database Appliance: what have you missed since X3/X4/X5? - Blog dbi services
- DHS Secretary Mayorkas announces new initiative to fight 'epidemic' of cyberattacks | TheHill
- 8000 PostgreSQL clusters on one host? - Blog dbi services
- Learn ODA on Oracle Cloud - Blog dbi services
- Learn ODA on Oracle Cloud
- Best Gigabit Routers | b3n.org
- 10 helpful Windows 10 hotkeys you might not know about » OnMSFT.com
- Ctrl+Shift+Win+B
- Lessons Learned From the SolarWinds Supply Chain Hack | LinuxInsider
- Sysprof and Podman – Zen and the Art of GNOME
- Finnish IT Giant Hit with Ransomware Cyberattack | Threatpost
- How to use Django Serializers – Linux Hint
- How to Break from a Bash While Loop? – Linux Hint
- Creating Bash Infinite Loop by Example Scripts – Linux Hint
- Create Bash Functions with Arguments – Linux Hint
- azruntime: Manage Azure Infrastructure with Python | Open-Source Routing and Network Simulation
- Upgrade to vCenter 7.0 and Decommission External PSC – The Wifi-Cable
- Monitoring Linux system resources using SAR (System Activity Report) - LinuxTechLab
- What is Systemd in Linux? - TREND OCEANS
- India's New Cyber Volunteers Program Explained: A Dark Future Or Safe Internet?
- Planning For The Worst Case You Can’t Think Of | The Networking Nerd
- CI/CD With VMWare And Ansible | Greg Sowell Saves The World
- Managing Leaders, Or Why Pat Gelsinger Is Awesome | The Networking Nerd
- abcde: Downloading Album Art...
- Linux System Monitoring Fundamentals | Linode
- Senate Intelligence Holds Hearing on the SolarWinds Breach - Lawfare
- Introducing Crowdsec: A Modernized, Collaborative Massively Multip
- abcde.conf · GitHub
- http://www.andrews-corner.org/linux/abcde/getalbumart.html
- SSH Certificates Security Hardening | Teleport
- DistroWatch.com: Put the fun back into computing. Use Linux, BSD.
- How to Modify Docker Images
- What Percentage of Income Do People Really Donate to Charity? — My Money Blog
- Baked Salmon Recipe
- Rosemary-Garlic Roasted Potatoes Recipe | Ree Drummond | Food Network
- The complete guide for NMAP Command - TREND OCEANS
- What Is Penetration Testing and How Does It Improve Network Security?
- How secure boot and trusted boot can be owner-controlled
- The PinePhone continues to evolve
- Chris's Wiki :: blog/solaris/ZFSPartialUpgradeOption
- 4 Good Open Source Log Monitoring and Management Tools for Linux
- 1. Graylog 2
2. Logcheck
3. Logwatch
4. Logstash
- How to measure the average CPU utilization of a Linux process
- Easy Honey Butter Brussels Sprouts Recipe | Penniless Parenting
- apt - "The following packages have been kept back:" Why and how do I solve it? - Ask Ubuntu
- sudo apt-get --with-new-pkgs upgrade
- Best Data Backup Applications for Linux – Linux Hint
- Blogging is futile — Starting a GNU Screen session via SSH's ~/.ssh/config
- Python “tricks” I can not live without | by Sebastian Opałczyński | Jan, 2021 | Level Up Coding
- Monitor Mikrotik Router with Grafana and Prometheus (mikrotik-exporter) | Lisenet.com :: Linux | Security | Networking
- Tools and Utilities Update | Data Protection Hub
- Migrating Two Factor Auth - Alan Pope's blog
- How Ansible got started and grew | Opensource.com
- Handling secrets in your Ansible playbooks | Enable Sysadmin
- VLC's open-source history: 20 years, 3.5 billion downloads - Protocol — The people, power and politics of tech
- Provide secure remote access to on-premises applications with Azure AD Application Proxy – Microsoft Systems, Cloud and azure professionals
- Strategy and tactics and Powerpoint | Seth's Blog
- Linked: Hidden Dangers of Microsoft 365's Power Automate and eDiscovery Tools
- Achieving 100Gbps intrusion prevention on a single server | the morning paper
- Building an Anycast Secondary DNS Service
- Troy Hunt: Controlling Smart Lights Using Dumb Switches with Shelly and Home Assistant
- Troy Hunt: IoT Unravelled Part 5: Practical Use Case Videos
- Troy Hunt: IoT Unravelled Part 4: Making it All Work for Humans
- Troy Hunt: IoT Unravelled Part 3: Security
- Troy Hunt: IoT Unravelled Part 2: IP Addresses, Network, Zigbee, Custom Firmware and Soldering
- Troy Hunt: IoT Unravelled Part 1: It's a Mess... But Then There's Home Assistant
- PSA: Be wary of installing anything with SELinux set to permissive
- A New CPU is Coming - Better Be Prepared - Blades Made Simple
- Scaling the Active Directory Log Search with PowerShell • The Lonely Administrator
- Searching Active Directory Logs with PowerShell • The Lonely Administrator
- PowerShell Puzzles and Challenges • The Lonely Administrator
- An Active Directory Change Report from PowerShell • The Lonely Administrator
- Get Group Policy Links with PowerShell • The Lonely Administrator
- Nature vs. nurture: Does parenting even matter in child development?
- How Google Cloud's Kelsey Hightower became one of the most respected people in cloud computing - Protocol — The people, power and politics of tech
- Investigators suggest hackers exploited weak password security to breach Florida water facility
- How to Find What IP Addresses are Connected to Linux
- Parallel shells with xargs: Utilize all your cpu cores on UNIX and Windows | Linux Journal
- First Malware Infecting Apple M1 Chip Appears: Here's What We Know
- How to check the speed of your ssh connection - Webleit.info
- California DMV warns 20 months of records may have been exposed | Engadget
- Open-Source Kernel Security Technologies.
- 8 tips for reliable Linux system automation | Enable Sysadmin
- 1. Reduce network dependencies
2. Reduce software dependencies
3. Arrange automation jobs
4. Keep jobs short
5. Avoid non-essential operations at runtime
6. Use the right tools
7. Track failures
8. Use comments effectively
- The U.S. Needs a Cyber State of Distress to Withstand the Next SolarWinds - Lawfare
- Nutrition for kids: Guidelines for a healthy diet - Mayo Clinic
- How to plan your career - 80,000 Hours
- 10 container guides for sysadmins | Enable Sysadmin
- 10 Linux Hardening Tips for Beginner SysAdmins
- 10 Top Open Source API Gateways and Management Tools
- Significant vulnerabilities that crippled IT world this decade (2010-2020) - nixCraft
- The top 20 sysadmin guides and tutorials | Enable Sysadmin
- The Turris Omnia Security-Focused Open Source Router
- Twake - A Modern Open-Source Collaboration Platform
- sbx2-w3-medical-device-security-considerations-case-studypdf.pdf
- Jeanie Larson
2017
- sbx2-w3-medical-device-security-considerations-case-studypdf.pdf
- Jeanie Larson
2017
- Patching all my environments with the January 2021 OJVM Bundles
- Preventing Supply Chain Attacks like SolarWinds - Linux Foundation
- We can:
Harden software build environments
Move towards verified reproducible builds
Change tools & interfaces so unintentional vulnerabilities are less likely
Educate developers (such as the free courses from OpenSSF on edX)
Use vulnerability detection tools when developing software
Use tools to detect known-vulnerable components when developing software
Improve widely-used OSS (the OpenSSF is working on this)
Ask for a software bill of materials (SBOMs), e.g., in SPDX format. Many software producers aren’t ready to provide one yet, but creating the demand will speed progress
Determine if subcomponents we use have known vulnerabilities
Work towards providing SBOM information if we produce software for others
Implement OpenChain
- How to Create a KVM Virtual Machine Template
- How to flatten PDF documents - Tutorial
- Digital Hoarding: Ubuntu Mirror - Alan Pope's blog
- Florida city attacked by a hacker trying to poison its drinking water | Engadget
- Hacked water plant computer used shared passwords and Windows 7 OS | Engadget
- » TeamViewer – the ultimate security problem? | dwaves.de
- Patient records stolen from Florida and Texas hospitals get published on the dark web - SiliconANGLE
- How to Resize Images Using Python
- How to Create an Ansible Test Environment using LXD - buildVirtual
- Pi4 slow USB drive fixed
- Automating responses to scripts on Linux using expect and autoexpect | Network World
- Improve your software product delivery process performance using metrics (I) – Toscalix
- Destination status quo - Carmen Bianca Bakker
- Extracting the list of O'Reilly Animals
- The 10 Best and Useful Tips To Speed Up Your Python Code
- Learn And Code Confusion Matrix With Python
- How to adopt DevSecOps successfully | Opensource.com
- Solve a charity's problem with the Julia programming language | Opensource.com
- Restic Backups, A Flexible & Powerful Backup Solution - Front Page Linux
- DevSecOps: Image scanning in your pipelines using quay.io scanner | Enable Sysadmin
- Some Vue + Django tips
- Double helping of Pi Hole – whizzy.org
- Google Introduces A Database To Easily Track & Manage Open-Source Vulnerabilities - It's FOSS News
- (3) Introduction to Terraform - Deploying Oracle Linux on Oracle Cloud Infrastructure - YouTube
- (3) System Monitoring with mpstat on Oracle Linux 8 - YouTube
- Driving the organization towards Digital Innovation Excellence: 5 key dimensions to consider
- 1. Secure your business productivity competitiveness against peers, and from here your ability to push out differentiated digital value understood as digital products and services. We've already concluded that your rate of innovation is four times the market.
2. A unified software development and delivery capability with full business alignment is at the core of your strategy, this means that you are one of just 20% of organizations that have a development culture ensuring the competitive advantage of the business. This clearly separates you from the pack!
3. A unified automation strategy will underpin cross-team collaboration models, help ensure automation consistency and drive a culture of re-use. It can also help you drive a culture of discipline and a policy driven approach to security, governance and compliance allowing the organization to take advantage of leading-edge innovation. Again, this can put you in the top quartile of European organizations in terms of software delivery capabilities and automation prowess.
4. Through a hybrid cloud strategy you can help your organization’s digital resiliency by laying the foundation for an intelligent architecture that supports integration, security, portability and controls. You are also able to maximize the ROI of existing IT investments and drive a fluid data-led organization by orchestrating all data assets and ensuring data compliance.
5. Finally, to maintain competitive status the app delivery engine should be based on cloud native tenets to support rapid release and perpetual product development patterns. Running integrated cloud native operations across the organization will be key here to truly operate with efficiency and ensure speed-to-delivery alignment between teams and business functions. Today only one in five organizations are driving their cloud native activities formalized as well-governed, joined up programs spanning the entire business.
- 5 reasons why you should develop a Linux container strategy | Enable Sysadmin
- Openstack RDO && KVM Hypervisor: Setting up Tomcat 9.0.41 && mariadb-server 10.5 on Debian Bullseye/sid
- How I hijacked the top-level domain of a sovereign state | Detectify Labs
- tomboy-ng – Simple Note-Taking Application for Desktops
- System administration is dead, long live system administration! | Enable Sysadmin
- Turn your Raspberry Pi into a HiFi music system | Opensource.com
- Using OpenSCAP to help achieve HIPAA compliance with Red Hat Enterprise Linux 8.3
- Formatting tricks for the Linux date command | Enable Sysadmin
- 5 things we learned about Java in 2020 | Opensource.com
- Not So Open Any More: Elasticsearch Relicensing and Implications for Open Source Search
- How to Copy a Docker Image - Tutorial - buildVirtual
- An introduction to hashing and checksums in Linux | Enable Sysadmin
- building a simple KVM switch for 30€ | die-welt.net
- About CVE-2020-27348 |
- CVE-2020-27348
- Solene's percent % : Vger security analysis
- What can we learn from SQL's 50 year reign? A story of 2 Turing Awards
- Bob’s 2021 Tech Predictions: What a Difference a Pandemic Makes | I, Cringely
- How to Install Terraform on Ubuntu 20.04
- Open Source Management & Strategy Training Program Launched by The Linux Foundation - Linux.com
- WRT54G History: The Router That Accidentally Went Open Source
- Deter burglars with a Raspberry Pi chatbot - Raspberry Pi
- Analyzing Bugzilla Testcases with Bugmon - Mozilla Hacks - the Web developer blog
- Oracle Linux 8: Containers made easy with short training videos | Oracle Linux Blog
- Use Raspberry PI as FM Radio transmitter - peppe8o
- Arduino Blog » Homemade machine puts a new spin on winding yarn
- BIA or application catalog – Notes from MWhite
- My List of Unusual Things in DNS :: packetmischief.ca
- A Practical Guide to AWS Monitoring – Notes from MWhite
- How To List Installed Packages Sorted By Installation Date In Linux
- My handy guide to software development and testing | Opensource.com
- Home working increases cyber-security fears - BBC News
- Linux Kernel /etc/sysctl.conf Security Hardening - nixCraft
- The Fall of Microsoft’s IIS and Microsoft’s Faked ‘Love’ of What’s Defeating IIS and Windows | Techrights
- Implementing the ACSC "Essential Eight" baseline for security automation in Red Hat Enterprise Linux
- How To Plot Unix Directory Structure Using Python Graphviz
- (3) Docker Essentials (Part 7) - Creating Images - YouTube
- (3) Docker Essentials (Part 6) - Accessing Containerized Apps - YouTube
- (3) Docker Essentials (Part 5) - Making Containers Persist - YouTube
- (3) Docker Essentials (Part 4) - Running Containers - YouTube
- (3) Docker Essentials (Part 3) - Installing Docker on Windows 10, macOS, and Ubuntu - YouTube
- (3) Docker Essentials (Part 2) - What is Docker? - YouTube
- (3) Docker Essentials (Part 1) - Introduction - YouTube
- 7 fun Linux containers/image transports features | Enable Sysadmin
- How To Secure the Linux Kernel .
- World Economic Forum pegs cybersecurity failure as a major global risk - SiliconANGLE
- 4 open practices for a sustainable technology transition | Opensource.com
- 1. Transparency and trust
2. Knowledge evolution and adaptation
3. Collaborative innovation
4. Open business models
- Popular mythology spread by IBM parrots elogind vs consolekit2 1.2.2 | systemd-free linux community
- You cannot manage your supply chain – Open Source Security
- Patch a vCenter Server High Availability (VCHA) environment - ivobeerens.nl
- Installing Linux bash shell on Windows | Electric Monk
- The U.S. Spent $2.2 Million on a Cybersecurity System That Wasn’t Implemented — and Might Have Stopped a Major Hack — ProPublica
- The start of a crazy journey: the SunFire V245 – OSnews
- Accepted Risks in Architectural Design
- Google Proposes "Know, Prevent, Fix" Framework For Dealing With Security Vulnerabilities - Phoronix
- Know, Prevent, Fix: A framework for shifting the discussion around vulnerabilities in open source | Google Open Source Blog
- Google Proposes "Know, Prevent, Fix" Framework For Dealing With Security Vulnerabilities - Phoronix
- How to Monitor Disk I/O performance in Linux | 2DayGeek
- Visualizing System Performance with RHEL 8 Part 3: Kernel Metric Graphing with Performance Co-Pilot, Grafana, and Bpftrace
- STIG Security Profile in Red Hat Enterprise Linux 7
- BSD Now 388: Must-have security tool
- Pf-badhost
- The Unexpected Find That Freed 20GB of Unused Index Space | Haki Benita
- Patient names and colonoscopy results from US hospitals posted by hackers to the dark web - The Verge
- Patient names and colonoscopy results from US hospitals posted by hackers to the dark web - The Verge
- "But it’s also dangerous when hospitals have data breaches — for 30 days after, more people die than usual, probably because people have to devote time to fix the systems rather than focusing entirely on medicine. "
- Biden: US taking 'urgent' steps to improve cybersecurity | TheHill
- Integrate devices and add-ons into your home automation setup | Opensource.com
- Asymptotic awesomeness
- It doesn’t matter if the first iteration produces something utterly useless, as long as I can improve it. The end goal is to get somewhere awesome, but the route may take me via appalling, awful, aggravating, annoying, adequate, acceptable, and alright.
- How to Save Time Running Automated Tests with Parallel CI Machines | Linux Journal
- Monitor HAProxy with Grafana and Prometheus (haproxy_exporter) | Lisenet.com :: Linux | Security | Networking
- Home Networking Upgrade – UniFi UAP-AC-PRO UFOs – Jon's FOSS Blog
- OpenWRT: USB storage | panticz.de
- Windows Administrative Tools | Free Server Management Tools
- Is the SolarWinds Cyberattack an Act of War? It Is, If the United States Says It Is. - Lawfare
- The SolarWinds Hack Can Directly Affect Control Systems - Lawfare
- Cyber ‘Deterrence’: A Brexit Analogy - Lawfare
- Enumerating a new network with Nmap | Enable Sysadmin
- On planning and estimating software development work
- I find that planning, in detail, beyond a week or two is likely to be useless. After that, too much changes that affects what I need to do, and how. Note the caveat of “in detail”: it’s fine to plan something like “over the next decade I will implement a backup program”, but planning to develop backups in September, restores in October, and adding encryption the first week in November is folly.
- Why the future of your business lies in your CISO’s hands | BT for global business
- Korean Style Steamed Zucchini Side Dish Recipe -- Gluten Free, Paleo, Vegan, and Easy | Penniless Parenting
- A Guide to systemd journal clean up process [With Examples]
- A Role for the Vulnerabilities Equities Process in Securing Software Supply Chains - Lawfare
- Ransomware: The Current Threat Landscape | New Jersey Cybersecurity & Communications Integration Cell
- Crooks exploit VMWare ESXi flaws to encrypt disks of VMsSecurity Affairs
- 5 Most Notable Open Source Centralized Log Management Tools
- Re-thinking safe-withdrawal rates and how much you'll need in retirement
- Canonical Releases Ubuntu Core 20 for IoT/Embedded Devices with Full Disk Encryption - 9to5Linux
- Considering privacy in a work from home world
- Oh, the Irony! Chrome is Blocking Security Tool Nmap Downloads Considering it a Security Threat - It's FOSS News
- Predicting Hard Drive Failure with Machine Learning - Datto Engineering Blog
- Kasada | Protection from Automated Threats | Bot Mitigation
- Ransomware provides the perfect cover - Help Net Security
- How to Build a Web Traffic Monitor with Python, Flask, SQLite, and Pusher – Linux Hint
- Python Script to Monitor Network Connection – Linux Hint
- How to Create a Database in MongoDB Using Python – Linux Hint
- Part 3 - Rancher Kubernetes Engine (RKE) Security Best Practice for Container and Runtime Security | StackRox
- Part 2 - Rancher Kubernetes Engine (RKE) Security Best Practices for Authentication, Authorization, and Cluster Access | StackRox
- Part 1 - Rancher Kubernetes Engine (RKE) Security Best Practices for Cluster Setup | StackRox
- Knowledge meets machine learning for smarter decisions, Part 2 - Red Hat Developer
- Knowledge meets machine learning for smarter decisions, Part 1 - Red Hat Developer
- Tomaz's dev blog: Built-in "Xray" like UNO object inspector – Part 1
- Configuration Database - Michael Jansen, Drive By Coding
- GameStop & Mark-to-Market Taxation of Capital Gains | Tax Foundation
- Why and How to Do Your Taxes with Open Tax Solver
- The KISS Web Development Framework | Linux Journal
- A typical web application would include all of the following building blocks:
Front-end layout (HTML/CSS)
Front-end functionality (JavaScript)
Back-end server code (Java, C#, etc.)
Communications (REST, etc.)
Authentication
Data persistence (SQL, etc.)
- sig-security/CNCF_cloud-native-security-whitepaper-Nov2020.pdf at master · cncf/sig-security · GitHub
- Forrester Report - Best Practices: Medical Device Security | Armis
- Inside WallStreetBets, the Reddit army that's rocking Wall Street - CNN
- 12 Cybersecurity Predictions For 2021 Every Organization Must Consider
- Arrest, Seizures Tied to Netwalker Ransomware — Krebs on Security
- SolarWinds Cyberattack: Layered OT Security Creates Best Defense
- Multi-OS PXE-booting from FreeBSD 12: Introduction (pt. 1) | eerielinux
- Installing System Rescue (CD) to a flash drive | Daniel Lange's blog
- How to Verify SHA256 Checksum of File in Linux
- Intel Discontinues Optane Consumer SSDs. Is This Important? – The SSD Guy
- Data classification at backup is a pointless placebo
- Linux in Healthcare - Cutting Costs & Adding Safety | Linux Journal
- How to Set Up ModSecurity with Apache on Debian/Ubuntu
- Developing a Cybersecurity Scorecard - Developing a Cybersecurity Scorecard.pdf
- 20 Cybersecurity Metrics & KPIs to Track | SecurityScorecard
- 14 Cybersecurity Metrics + KPIs to Track | UpGuard
- Another Sudo Root Privilege Escalation Vulnerability Got Patched, Update Now - 9to5Linux
- Simple router setup with nftables - Sysadmins Guide
- Best Way to Split Your Linux Terminal – Linux Hint
- How to Install GVM Vulnerability Scanner on Ubuntu 20.04
- 10 Facts About Wikipedia That You Didn't Know
- Money and Happiness: Happiness Keeps Increasing Past $75,000 a Year — My Money Blog
- Doc Searls Weblog · How we save the world
- Backup interchange format
- Install and Configure a PXE Boot Server for Kickstart Installation on CentOS 7 | Lisenet.com :: Linux | Security | Networking
- 6 Ways to Productively Grow and Manage Your Business – Productivity
- 1. Ramp Up on Automation
2. Collaborate More Smoothly
3. Choose the Right Tasks at the Right Time
4. Cut Down on Interruptions
5. Stay Focused on Your Goals
6. Keep your Resources Close at Hand
- Hyperion Works, LLC - Blogs : Converting a Clonezilla Image to a VirtualBox, KVM, or VMWare Virtual Machine Image
- Converting a physical machine to a virtual machine | Just moozing
- President Biden appoints 'world-class' cybersecurity team in wake of hacks | Engadget
- How to Store a Linux Command as a Variable in Shell Script
- Client Communication: 10 Ways to Create a Connection with Customers – Ideas
- Concretedog: Playing with the Raspberry Pi Pico!
- GitHub - Sycnex/Windows10Debloater: Script to remove Windows 10 bloatware.
- Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472 – Microsoft Security Response Center
- 9 Essential Properties of Backup
- Retrospective for 2020 | The Frog Pond of Technology
- Top 5 Frugal Bloggers of 2020 – BeingFrugal.net
- Will a Tesla Save You Money on Gas? – BeingFrugal.net
- Software Development 101: The Basics of Cutting Costs – Business
- Windows 10: Upgrade Error 0x80244019 | Born's Tech and Windows World
- Bill Sempf | Application Security This Week for January 17
- Recipe Search with Typesense
- Cybersecurity Ramifications of the 2021 Storming of the United States Capitol - TidBITS
-
We should all take to heart the words of Kelvin Coleman, executive director of the National Cyber Security Alliance, who said, “Any time there’s a physical breach of a space, I automatically assume it was a digital compromise as well.”
- 2020 – my year in review
- 2020 – My Year in Books 📚 – data-nerd.blog
- What’s Your Work From Home DR Plan? | The Networking Nerd
- A Python learning path for network engineers | Open-Source Routing and Network Simulation
- 10 Secrets That Make IT Networking Fun And Easy - RouterFreak
- 1. I may sound boring but believe me, you need to invest in continuous learning
2. Team bonding is the magic concoction
3. Digitize and automate, not only in your mind but in the workplace too
4. Protect the network or get ready to work non-stop for days
5. You are not a networking person if you have not done anything about network security
6. Relax a bit, not when the network is down but once you get it back up
7. Go out of your way to offer tech support to someone you like
8. Read and keep yourself updated
IP routing Fundamental by Mark Sportack
Computer Networking: A top-down approach (6th Edition) by Kurose and Ross
TCP/IP network administration by Craig Hunt
TCP/IP illustrated (2 Volumes) by Richard Stevens
The Network Warrior by Gary A. Donahue
9. Share the issues you face with your best buddy
10. Writing down the technical issue in that secret diary of yours
- Notepadqq: Notepad++ alternative for Linux - Trend Oceans
- mattmillman.com on IPv6 once again – Matt's Tech Pages
- 8 steps to check your network interface information - The Linux Juggernaut
- Self-hosting Kubernetes on your Raspberry Pi
- Building Encrypted Images for Confidential Computing | James Bottomley's random Pages
- Modernize your skills – a 6-year anniversary post – Patrick Kremer
- Worldwide UDP:443 (EDT) DDOS on Citrix (NetScaler) Gateway | Born's Tech and Windows World
- 2nd backdoor found on infected SolarWinds systems | Born's Tech and Windows World
- SUNBURST hack: Microsoft’s analysis and news | Born's Tech and Windows World
- What I Learned from Re-Reading The Goal
- WMI filters to target sites and non Domain Controllers – Dimitri's Wanderings
- Taking Screenshots with PowerShell on Windows 10 | KC's Blog
- HOWTO: Check your LAPS Implementation for Proper Security - The things that are better left unspoken
- 1. When you don’t delegate viewing the LAPS passwords, you’re fine
2. When you run Windows Server 2003 Service Pack 1 and up Domain Controllers, you’re fine
3. When all devices in scope have the LAPS Client Side Extension installed, you’re fine
4. When you don’t fiddle with the confidentiality bit, you’re fine
5. When your Active Directory replicates fine, you’re fine
6. When people can’t change the mS-MCS-AdmPwdExpirationTime attribute, you’re fine
- AVJONE NC318 WiFi Smart Outlet Power Plug with Tasmota and 2xUSB Ports - Bootloader Blog
- SolarWinds hack: Microsoft and others also affected? | Born's Tech and Windows World
- SUNBURST malware: Analytic Tool SolarFlare, a ‘Kill Switch’ and EINSTEIN’s fail | Born's Tech and Windows World
- SUNBURST malware was injected into SolarWind’s source code base | Born's Tech and Windows World
- News in the fight against SUNBURST infection, domain seized | Born's Tech and Windows World
- Sloppiness at SolarWinds responsible for compromised software? | Born's Tech and Windows World
- Using the Elgato Stream Deck to change your screen resolution
- https://www.usenix.org/system/files/sec19-torres-arias.pdf
- New, free tool adds layer of security for the software supply chain | NYU Tandon School of Engineering
- Reflections on the SolarWinds Breach - Lawfare
- The New IOT Security Act Shows the Limits of Congressional Policymaking for Cybersecurity - Lawfare
- Business Budgets: How to Estimate Project Costs – Business
- Media Training: What Is It and Why Do You Need It? – Marketing
- A professional media training course will cover a lot of ground. However, here are some quick tips to bear in mind for media appearances:
Speak clearly and simply. One common problem among nervous speakers is the tendency to speak too fast. They also tend to use a lot of filler words (such as “um” and “er”) for fear of losing the listener’s attention. However, by speaking more slowly and clearly, you can often have the audience hanging on your every word.
In on-camera interviews, try to maintain good eye contact with the host. You don’t want to seem bored by the conversation. And looking around too much can even make you seem shifty or evasive.
Be sure to inject a good deal of your own personality into your responses. Part of the reason for the company to do a PR appearance is to let the public put a friendly face and a voice to the brand. Therefore, it’s best not to appear to be a script-reciting robot.
It’s also a good idea to do some background research on the interviewer and the type of show they present. What types of questions do they tend to ask? Are there types of guests who seem to get a better or worse response from them? Which demographics of people tend to tune into their broadcasts?
- How the world went from no COVID vaccines to two in under a year | Engadget
- Scanning for Vulnerabilities with ClamAV | Linode
- Setting Boundaries Before You’re Swamped | The Networking Nerd
- It’s a testament to the resilience of a group of sanitation workers behind the scenes whose job it is to clean up after management and sales and do the jobs no one else wants to do.
- How Long Should You Practice | The Networking Nerd
- "A reporter once asked boxing legend Muhammad Ali how many sit-ups he did each day. I’m sure the reporter wasn’t expecting Ali’s answer. Ali replied with:
I don’t know. I don’t start counting them until it hurts. Those are the only ones that count. That’s what makes you a champion.”"
“Don’t practice until you get it right. Practice until you can’t get it wrong.”
- Analyze monolithic Java applications in multiple workspaces with Red Hat's migration toolkit for applications - Red Hat Developer
- Windows 10 20H2 Update Reportedly Damages SSD File Systems If You Run ChkDsk
- EDIT: This article originally conflated the /r and /f commands. To clarify, the /f parameter is intended to fix errors on a disk, while /r locates bad sectors and recovers readable information, and includes the functionality of /f (without having to specify it separately). Users who are reporting problems (BSODs) claim it happens with the /f parameter, though in theory, it could happen with /r as well.
- WildFly server configuration with Ansible collection for JCliff, Part 3 - Red Hat Developer
- Top 14 SS Command Examples to Monitor Socket Connections
- Bare-metal Kubernetes with K3s
- How to install ESXi 7 Update 1
- vSAN Fault Domains | Some Design Thoughts
- The Ten Commandments of Backup
- 1. Plan for the Worst-Case Scenario
2. Use all Available Software Security and Encryption Options
3. Understand the Overlap Between Active Data Systems and Backup Retention Policies
4. High Availability is a Goal, Not a Technology
5. Backup and Disaster Recovery Strategies are Not the Same Thing
6. Backup Applies to Everyone in an Organization, so Include Everyone
7. One Backup is Never Enough
8. One Size Does Not Fit All
9. Test It. Then Test again. And Again…
10. Backup and Disaster Recovery Planning is a Process, Not a One-Time Event
- Using Ansible to automate your Laptop and Desktop configs! - YouTube
- Sweet and Sticky Garlicky Green Beans Recipe -- Gluten Free, Paleo, Vegan | Penniless Parenting
- How to Keep Healthy and Save Money Doing it | Penniless Parenting
- Why Schrems II Might Not Be a Problem for EU-U.S. Data Transfers - Lawfare
- How to Install Reveal.js on Ubuntu 20.04 and Create a Simple Presentation - RoseHosting
- UbuntuHak: FreeNAS home server backups Done Right
- Linux Run Commands As Another User – TecAdmin
- [Solved] No Bootable Medium Found Error in VirtualBox
- Modern software strategy for manufacturing companies - KDAB
- Allen K. Briggs Memorial Scholarship
- Permanent Transitions: What COVID-19 Changes Are Here to Stay? – Business
- GoComply with OSCAL & FedRAMP :: Introduction to oscalkit :: Šimon Lukašík — Technical Blog
- 7 best practice tips for managing remote teams | Enable Sysadmin
- Using ThinkPad T410 as a server
- 30 Basic commands which every Linux user should know - Trend Oceans
- How to Use Perf Performance Analysis Tool on Ubuntu 20.04
- Enterprise Java Transformation Continues with Rollout of Jakarta EE 9
- Become shell literate
- Graphana and OpenWRT based router – Sloppy Linux Notes
- How long does your IO take ? | Oracle Linux Blog
- iTWire - Attackers hit US Treasury through Microsoft Office 365; SolarWinds opens door to others
- iTWire - SolarWinds product used to attack private, public sector: FireEye claim
- iTWire - Researchers underline care taken to craft SolarWinds trojan campaign
- U.S. Agencies Exposed in Attack by Suspected Russian Hackers - Bloomberg
- Hackers backed by Russian government reportedly breached US government agencies - The Verge
- Suspected Russian hackers spied on U.S. Treasury emails - sources | Reuters
- Updating Docker Containers With Zero Downtime
- Everything You Need to Know about Linux OpenSSH Server
- TreeSheets - free form data organizer - LinuxLinks
- Taskline: manage your tasks with style
- Anatomy of a Linux Ransomware Attack.
- Hive Data Center: Server Colocation Montreal
- iTWire - When did FireEye know its defences had been breached?
- Suspected Russian hackers spied on U.S. Treasury emails - sources | Reuters
- U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise — Krebs on Security
- 23 Fundamental apt-get and apt-cache Commands You Need to Manage Your System – Linux Hint
- Security Researcher Reveals Solarwinds' Update Server Was 'Secured' With The Password 'solarwinds123' | Techdirt
- US Says Recent Hacking Campaign Hit Government Networks | Voice of America - English
- How to Disable IPv6 on RHEL/CentOS 8
- DHS Cyber Warriors Issue Warning About Massive Hacking Campaign, Disclose They've Been Hacked A Day Later | Techdirt
- Improving Cross-Browser Testing, Part 1: Web Application Testing Today - Mozilla Hacks - the Web developer blog
- VMware vSphere 7 Security & Features | ServerWatch
- What is Disaster Recovery? | ServerWatch
- SCAP Security Guide: helping you to achieve security policy compliance
- Container security requires more than securing your images – IBM Developer
- Google details what happened during Monday's cloud outage | Engadget
- How can I make Nginx Faster? – Linux Hint
- Linux Stat Command Explained
- That first CVE was a fun find, for sure.
- Critical, Unpatched Bug Opens GE Radiological Devices to Remote Code Execution | Threatpost
- SAL's NETWORK BOOT
- Boost Up Productivity in Bash - Tips and Tricks | Linux Journal
- Ending the “Dual-Hat” Arrangement for NSA and Cyber Command? - Lawfare
- Four Ways for President Biden to Fix Cyber on January 21 - Lawfare
- The Latest Skirmish in the Transatlantic Data Wars - Lawfare
- Warren Buffett | The Billionaire’s Life and Accomplishments – BeingFrugal.net
- CYBER CONFLICT DATASET
- The Strategic Implications of SolarWinds - Lawfare
- The operation was so devastating that SolarWinds employees appear to have engaged in a massive sell-off of stocks prior to public disclosure of the vulnerability.
- The SolarWinds Breach Is a Failure of U.S. Cyber Strategy - Lawfare
- 5 Java Performance Optimization Tricks - DZone Performance
- 11 Simple Java Performance Tuning Tips – Stackify
- Myths and misconceptions about financial independence and early retirement
- PANTS: a progressive web-based open-source nutrition ingredients and calories manager
- Microsoft confirms it found compromised SolarWinds code in its systems | Engadget
- U.S. Cyber Command's First Decade - Lawfare
- Sysadmin tales: Take a look back at an old school IT prank | Enable Sysadmin
- Terraform vs Ansible: What's the Difference?
- Ransomware Hits Dozens of Hospitals in an Unprecedented Wave | WIRED
- Waves of attacks on US hospitals show a change in tactics for cybercriminals - The Verge
- An introduction to Pluto [LWN.net]
- Best Alternatives to Adobe Reader on Linux – Linux Hint
- As Neil Gaiman says, “a book is a dream that you hold in your hands.”
- How to resize ZRAM (compressed swap) managed by systemd/zram-generator
- How to back up your music files on Linux
- Say hello to PLATYPUS, the latest CPU security problem | GamingOnLinux
- From best practices to community of practice: The Open Source Way journey
- iTWire - Cyber security centre warns of RAT targeting healthcare sector
- iTWire - New Windows ransomware RegretLocker encrypts virtual disks as well
- 21 Best Free Security Tools | CIO East Africa
- Maltego
OWASP Zed Attack Proxy (ZAP)
Samurai Web Testing Framework
Kali Linux
Fierce Domain Scan
The Harvester
Hping
John the Ripper
Nessus
NMap
OpenVPN
Ophcrack
OWASP Python Security Project
Wireshark
ModSecurity
Burp Suite
Metasploit
Aircrack-ng
TAILS
Qubes OS
Signal
- Ransomware attacks pose 2021 challenges for Congress | TheHill
- Publicly known support credentials expose GE Healthcare imaging devices to hacking | CSO Online
- How to Install and Configure Django on Linux System
- Logical Volume Manager (LVM) versus standard partitioning in Linux | Enable Sysadmin
- Proxmox vs VMware 2020 Comparison | ServerWatch
- 3 ways Kubernetes optimizes your IT budget | Opensource.com
- Tips for Passing the ITIL Certification Exam – Technology
- Here's the Average American's Mortgage -- and How to Pay Yours Off Faster
- New research on household debt found that the average U.S. mortgage balance, as of October 2020, was $215,655.
- How security and compliance automation can help achieve a more secure hybrid cloud
- Secure your containers with SELinux | Opensource.com
- A Basic Guide to Different Stages of Linux Boot Process
- How to Use hexdump Command in Linux? – Linux Hint
- A guide to security technologies in Red Hat Enterprise Linux
- Cyber insecurity | Linux Format
- Can you really COMBINE that code? | Joinup
- Time management: must-have tools and strategies for sysadmins | Enable Sysadmin
- Amazon Monitron, a Simple and Cost-Effective Service Enabling Predictive Maintenance | AWS News Blog
- Introducing KOpeningHours
- Encrypting directories with eCryptfs in linux - The Linux Juggernaut
- How to audit permissions with the find command | Enable Sysadmin
- Kubernetes Security Specialist Certification Now Available
- Red Hat, DarwinAI To Bring COVID-Net Screening Tool To Hospitals – TFiR: News, Interviews & Analysis shows hosted by Swapnil Bhartiya, covering the confluence of Cloud Native Computing, AI/ML & Security.
- Kmart, Latest Victim of Egregor Ransomware – Report | Threatpost
- As Hospitals Cope With a COVID-19 Surge, Cyber Threats Loom | SecurityWeek.Com
- Monitoring Disk I/O on Linux with the Node Exporter – devconnected
- A Intro to SAML – Ask the Architect
- AWS Audit Manager Simplifies Audit Preparation | AWS News Blog
- One last trip down memory lane with the Raspberry Pi Zero
- Vmware vs virtualbox: A Comparative Evaluation
- The NDAA’s National Cyber Director: Justifications, Authorities and Lingering Questions - Lawfare
- Renewing my thrill at work with Ansible | Enable Sysadmin
- Minder - mind-mapping tool - LinuxLinks
- Top 5 Linux Server Malware and Rootkits Scanners | FOSS Linux
- The Internet Archive are keeping Flash creations alive with the open source Ruffle | GamingOnLinux
- Managing Cybersecurity Program CostRafeeq Rehman – Personal Blog
- Zotero: Open Source App to Help You Collect & Share Research
- How To Install Django on Debian 10 - idroot
- The emerging cybersecurity headaches awaiting Biden - Axios
- OpenClinic GA: 500+ worldwide hospital Implementation with ~500 weekly downloads
- Finding rogue devices in your network using Nmap | Enable Sysadmin
- How this open source security tool halted significant DDoS attacks | Opensource.com
- Re-format blah,YYYYMMDD,blah as blah,YYYY,MM,DD,blah
- Everything You Need to Know About Bash For Loops in Linux
- Mind Your Step: Going On Sabbatical
- Capturing Decrypted TLS Traffic with Arkime - NETRESEC Blog
- How to Back Up Your Data in Ubuntu – Linux Hint
- Nginx SSL Setup in Linux – Linux Hint
- How Do I Create a Reverse Proxy in Nginx? – Linux Hint
- Top 10 Tools to Automate Linux Admin Tasks – Linux Hint
- DIY Pi KVM: An easy and cheap KVM over IP for Raspberry Pi
- Sleek: A simple To-do app that makes use of todo.txt file format
- Don't Panic: Kubernetes and Docker | Kubernetes
- Container Runtime Interface(CRI)
- Patient records stored by electronic health company found exposed online - SiliconANGLE
- Logitech K400+ Keyboard Water Spill Repair – CubicleNate's Techpad
- Recommended Reading: Ted Lasso and the American decline | Engadget
- RCS Messaging: Here's Everything Important You Need To Know
- Set Up ParseDMARC on Ubuntu 20.04 to Analyze DMARC Reports
- Building A Dashcam With The Raspberry Pi Zero W | Linux Journal
- Manage Windows Servers with Ansible | Lisenet.com :: Linux | Security | Networking
- The Time I Stole $10,000 from Bell Labs - ACM Queue
- New containerd Security Hole Needs to Be Patched ASAP – The New Stack
- FLOSSLinux: Preparing for release of Debian 10.7 over the weekend and CentOS / Scientific Linux 6.x and EPEL for 6 now EOL
- ufw | panticz.de
- WildFly server configuration with Ansible collection for JCliff, Part 2 - Red Hat Developer
- The Best RedHat-based Linux Distributions
- No 'bonenkai' this year ... and many employees won't miss them - Japan Today
- bonenkai (forget-the-year party)
- My Favorite Books of 2020 | Chris Sanders
- Backup or replicate - what's better? | ESX Virtualization
- AES and AES-NIElectric Monk | Electric Monk
- Deploying a EC2 Instance with PowerShell to AWS | davidstamen
- Terence Luk: Installing Microsoft .NET Framework 4.8 stalls at: "File security verification: All files were verified successfully. Installation progress:"
- vSAN Trim/Unmap functionalityElectric Monk | Electric Monk
- How to archive MS Teams - SharePoint Maven
- Fix PowerShell Error: “The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.” – Ingo Karstein
- How to read and correct SELinux denial messages | Enable Sysadmin
- Run Pi-hole as a container with Podman
- Happy Happy 31st Anniversay - HCL Notes and Domino
- 12 Frugal Habits You May Already Possess – BeingFrugal.net
- Versatile Saag Paneer Recipe with Wild Edible Options, Vegan Options | Penniless Parenting
- In Praise of Chris Krebs - Lawfare
- Let’s talk about trace flags - Microsoft Tech Community
- Setup MySQL on Docker – Order Matters | eknori.de
- How to detect Cobalt Strike activities in memory forensics | Andrea Fortuna
- New Jersey law bars doxxing campaigns against judges, prosecutors and police | Engadget
- Sentimentality When Decluttering After the Death of a Loved One | Penniless Parenting
- Can Being Frugal Actually Keep You from Making Money? – BeingFrugal.net
- Microsoft's Windows turns 35 today | Engadget
- Homemade Gluten Free, Dairy Free, Refined Sugar Free Eclairs Recipe -- Frugal Fancy Food | Penniless Parenting
- Patch Management Standard - Health Information & Technology
- https://www.himssconference.org/sites/himssconference/files/pdf/20.pdf
- Donald Trump fires election cybersecurity director Christopher Krebs | Engadget
- CISOs offer insights into patch management strategies | Healthcare IT News
- How to Run PowerShell as Administrator
- YouTube went down | Engadget
- How China’s Control of Information is a Cyber Weakness - Lawfare
- Cyberattacks and the Constitution - Lawfare
- QEMU Live Update | Oracle Linux Blog
- New Intel Vulnerabilities Now Patched in All Supported Ubuntu Releases - 9to5Linux
- Configure Logitech, Steelseries And Other Gaming Mice On Linux Using Piper - Linux Uprising Blog
- Display Linux Commands Cheatsheets With Tealdeer Tool - OSTechNix
- wireguard | panticz.de
- 8 Creative Ways to Ease Transition from Crib to Big-Kid Bed | Penniless Parenting
- Create random files with random content with Java | eknori.de
- 4 Major Retirement Planning Mistakes Most Americans Make
- 1. Failing to maximize Social Security benefits
2. Counting on working in retirement
3. Not setting specific planning goals
4. Not planning for healthcare costs in retirement
- How to visualize RADIUS connections
- Using dnsmasq for your Homelab – Nixdevil.com
- The Earliest Linux Distros: Before Mainstream Distros Became So Popular - It's FOSS
- Best Practices for Deploying Hadoop Server on CentOS/RHEL 7 - Part 1
- Setting Up Hadoop Pre-requisites and Security Hardening - Part 2
- Securing Your Work From Home | The Networking Nerd
- Patching Oracle Database Appliance to 19.9 - Blog dbi services
- Erman Arslan's Oracle Blog: Weblogic -- Unsupported Major.Minor Version 52.0 , while making the custom application available to all clients
- Java SE 15 = 59 (0x3B hex),
Java SE 14 = 58 (0x3A hex),
Java SE 13 = 57 (0x39 hex),
Java SE 12 = 56 (0x38 hex),
Java SE 11 = 55 (0x37 hex),
Java SE 10 = 54 (0x36 hex),[3]
Java SE 9 = 53 (0x35 hex),[4]
Java SE 8 = 52 (0x34 hex),
Java SE 7 = 51 (0x33 hex),
Java SE 6.0 = 50 (0x32 hex),
Java SE 5.0 = 49 (0x31 hex),
JDK 1.4 = 48 (0x30 hex),
JDK 1.3 = 47 (0x2F hex),
JDK 1.2 = 46 (0x2E hex),
JDK 1.1 = 45 (0x2D hex).
- Serverless Security: Are You Getting it Right? – Notes from MWhite
- Company made to change name that could be used for website hacks | Engadget
- Funkyware: ITCetera: Adding IPv6 support to my home LAN
- How To Install Kanboard on Ubuntu 20.04 LTS - idroot
- ansible 2.10.x and Fedora/EPEL – Kevin's musings
- How the Kubernetes scheduler works | Opensource.com
- Kick Google Play Outside Your Smartphone With AuroraStore
- A sysadmin's guide to containerizing applications | Enable Sysadmin
- Run Your Own DNS over HTTPS (DoH) Resolver on Ubuntu with DNSdist
- Beginner Python Tutorial: Analyze Your Personal Netflix Data – Dataquest
- http://len.falken.ink/misc/writing-for-the-internet-across-a-human-lifetime.txt
- Guide To Frontend Testing Using Django | Codementor
- Using Netsh Commands for Wi-Fi Management in Windows 10 | ServerWatch
- 4 Cobol Misconceptions and My #5 | PaymentsJournal
- Council Post: COBOL Is Our Friend: Don’t Believe The Common Misconceptions
- What does a transformer? - Vincent Lequertier's blog
- Senaite: An Open-source Enterprise-grade Laboratory Information Management System (LIMS)
- USBGuard improvements in Red Hat Enterprise Linux 8.3: Protecting against rogue USB devices
- COBOL and $2,020,202.02 | Big Dan the Blogging Man
- spaces in ASCII(20) and EBCDIC(40).
- 5 surprising ways I use Jupyter to improve my life | Opensource.com
- WildFly server configuration with Ansible collection for JCliff, Part 1 - Red Hat Developer
- Gitpaste-12 Worm Targets Linux Servers, IoT Devices | Threatpost
- Older Android phones won't support many secure websites by September 2021 | Engadget
- How to create backups using Kup — Nitrux — #YourNextOS
- Automate Windows Server Setup with Windows Unattended Install | Lisenet.com :: Linux | Security | Networking
- How to move Request Tracker into a Linux container | Enable Sysadmin
- Reclaim hard-drive space with LVM - Fedora Magazine
- How to Secure Your Apache Server – Linux Hint
- How open source makes me a better manager | Opensource.com
- Linux Security Hardening for Beginners Part 03 – SSH Hardening - The Linux Juggernaut
- In case you missed it: Automation in the Public Sector Q&A at AnsibleFest
- The 10 Best Linux Web Caches For Better Performance
- That (not so) awesome time the police raided my home
- Build your own datacenter with PXE and Alpine
- Script to install Samba with settings for FOG | FOG Project
- iPXE - open source boot firmware [scripting]
- iPXE - open source boot firmware [examples]
- GitHub - AdrianKoshka/ipxe-scripts: Various chain/boot scripts for ipxe
- Tiny PXE Server
- Subsurface: An Open-source Multi-platform Diving Logbook for Divers
- 20 Awesome Nmap Command Examples in Linux
- ction is especially useful when performing vulnerability tests or ethical hacking. It allows the sysadmin to know if the firewall of the target host is enabled or not. To know the status of a firewall, use the -sA flag as shown.
$ nmap -sA 192.168.2.1
This initiates an ACK scan which examines whether packets can pass through un
- DEF CON Safe Mode Biohacking Village - Dameff, Tully - How COVID19 Changed Cyber Disaster Medicine - YouTube
- Experian’s data processing practices violate the GDPR - IT Governance UK Blog
- LogonTracer v1.5 Released - JPCERT/CC Eyes | JPCERT Coordination Center official Blog
- Adaz - Automatically Deploy Customizable Active Directory Labs In Azure
- PowerShell-Red-Team - Collection Of PowerShell Functions A Red Teamer May Use To Collect Data From A Machine
- APICheck - The DevSecOps Toolset For REST APIs
- Nethive-Project - Restructured And Collaborated SIEM And CVSS Infrastructure
- Scrying - A Tool For Collecting RDP, Web And VNC Screenshots All In One Place
- Awesome Android Security - A Curated List Of Android Security Materials And Resources For Pentesters And Bug Hunters
- Grype - A Vulnerability Scanner For Container Images And Filesystems
- Adobe Flash – it’s the end of the end of the end of the road at last – Naked Security
- FBI “ransomware warning” for healthcare is a warning for everyone! – Naked Security
- How to Find Out Your Windows 10 Edition, Version, and Build Number | Alexander's Blog
- Patch Lady – certificates lost @ AskWoody
- Analysis: Tactics of Group Waging Attacks on Hospitals
- US Hospitals Warned of Threat of Imminent Ransomware Attack
- Memory Forensics: Using Volatility Framework
- About Cybersecurity Management and Expectations – tisiphone.net
- Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser | FireEye Inc
- Cyberlaw Clinic and EFF publish Guide to Legal Risks of Security Research | Cyberlaw Clinic
- FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals — Krebs on Security
- I Actually Like Remote and Pre-recorded Presentations | Daniel Miessler
- How to Write Well | Daniel Miessler
- Summary
Clear writing is only possible with clear thinking, so start with an outline.
Fancy language communicates deception, so write like you’re talking to someone.
Wandering sentences lose the reader, so be clear and direct.
Flow creates impact, so alternate between short and long sentences.
- Rising Ransomware Breaches Underscore Cybersecurity ...
- Ransomware Wave Targets US Hospitals: What We Know ...
- How Healthcare Organizations Can Combat Ransomware
- Adopt a layered approach to cybersecurity: This strategic shift is vital in the defense against the growing number of sophisticated attacks, including ransomware. Doing this requires integrating various tools, including antivirus, firewalls and web filters, and screening for malicious activity to minimize the risk. Adopting a layered cybersecurity strategy reduces the vulnerabilities within the healthcare network.
Rethink business continuity: For healthcare enterprises where data has life or death implications, it's critical that the business continuity plan reflects that fact. Backing up sensitive patient data weekly or even daily is not sufficient in healthcare, and organizations should look for a continuous backup solution that allows them to treat sensitive information appropriately. It's important to note that when it comes to business continuity, one size doesn't fit all. Also, attackers have gotten very sophisticated about targeting backups during ransomware attacks, so ensuring offline or otherwise protected backups of critical data are available is extremely important.
Phishing training: With attacks often being initiated via email, healthcare organizations must undertake regular training to help raise awareness of the pitfalls. With people working 24/7 in distributed environments, training healthcare workers needs to be more flexible to ensure that no one is forgotten. It's important to educate employees on spotting suspicious links and being mindful of grammar, punctuation, spelling, and formatting errors, as these are often phishing red flags. Arming everyone with this knowledge and updating them regularly on the latest cyber scams reduces the likelihood of employees clicking on dubious links and can help ward off attacks.
Strengthen employee passwords: Trojan malware often attempts to propagate through an environment using lists of common or compromised passwords. Emotet, one of the suspected Trojans involved in the UHS attack, does this. Hospitals must end the practice of sharing credentials and integrate a tool to continuously search for exposed, common credentials. If employee or admin credentials are compromised or using common passwords or derivatives of common passwords, it's easier for nefarious actors to initially access and propagate through corporate infrastructure.
Make multifactor authentication mandatory: Sensitive systems and data should require more than one login layer for security. Organizations must add additional authentication mechanisms to deter hackers rather than hoping than one will suffice.
Only permit remote access via a virtual private network: Healthcare organizations have many workers that aren’t on the front lines and are working remotely for the foreseeable future. Hospitals must mandate that employees use a VPN to access work-related systems or data from home to keep this information protected.
- Tell Us How You Want to Modify and Repair the Devices in Your Life | Electronic Frontier Foundation
- DeepSec 2020 Talk: No IT Security Without Free Software – Max Mehl • DeepSec In-Depth Security Conference
- To Automate or To Reduce the Noise? - /dev/random
- Advanced Copy - Add Progress Bar To cp And mv Commands In Linux - OSTechNix
- Chris's Wiki :: blog/linux/CyberPowerPowerpanelSettings
- Chris's Wiki :: blog/sysadmin/UPSIssuesLearningExperience
- Enabling ClamAV on Nextcloud - Networkshinobi
- GitHub - danmed/Docker-Compose-Backup: Create compose files from running containers
- Learning To Listen For Learning | The Networking Nerd
- Don't Contribute Anything Relevant in Web Forums Like Reddit
- Building wave of ransomware attacks strike U.S. hospitals | Reuters
- iTWire - Italian energy giant Enel hit by Windows NetWalker ransomware
- Monitoring Temperature in Raspberry Pi – Linux Hint
- Eight ways to protect SSH access on your system | Enable Sysadmin
- How to Monitor Ubuntu Performance Using Netdata
- Application acceleration in vSphere 7
- Writing in Python – when work and life intersect – Patrick Kremer
- How to Install Jira Agile Project Management Tool on Ubuntu 20.04
- Ansible Playbook: Complete Beginners's Guide
- AdGuard Home: Another Brick in the Ad-Blocking Wall | LinuxInsider
- Software correctness is a lot like flossing • Hillel Wayne
- A post-COVID IT roadmap -- FCW
- Oracle Continues Building DTrace For Linux Atop BPF - Phoronix
- How To Become The Ultimate DIY Parent | Penniless Parenting
- Docker Content Trust – Set environment variables correctly | Born's Tech and Windows World
- What is DevSecOps? Everything You Need To Know About DevSecOps
- DEF CON Safe Mode Biohacking Village - Mitchell Parker Panel - Advancing Medical Device Security - YouTube
- 5 new sudo features you need to know in 2020 | Opensource.com
- Oracle October 2020 Critical Patch Advisory - PL/SQL detailed changes - DBA - Rodrigo Jorge - Oracle Tips and Guides
- Deploy Windows 10 20H2 Reference Image – gal.vin
- FBI warns hospitals of 'increased and imminent' ransomware threat | Engadget
- How to Install and Use Siege Benchmarking Tool on Ubuntu 20.04
- Secure your Kubernetes secrets with smart cards and libssh - Red Hat Developer
- TCP Analysis with Wireshark | Linux Journal
- How to install the Kubernetes dashboard > Tux-Techie
- Configure Ansible and Run ad-hoc Commands
- Cyber Awareness Training a Must for Third-Party Contractors - Security Boulevard
- Improving on the Typical SIEM Model - Security Boulevard
- Ransomware's Next Target: Backup Data - Security Boulevard
- The Nastiest Malware of 2020 | Webroot
- Microsoft's Kubernetes Threat Matrix: Here's What's ...
- Webcast: The SOC Age Or, A Young SOC Analyst's Illustrated Primer - Black Hills Information Security
- Creating Adaptive Cards via Teams Incoming Webhooks Using PowerShell
- How to Configure NGINX as TCP/UDP Load Balancer in Linux
- 5 Human Factors That Affect Secure Software Development
- Developers Need Focused Attention
Unfocused contribution rises when a developer is modifying multiple files or when the number of unique contributors to a file increase. Unfocused contribution is associated with a greater number of vulnerabilities.
Bigger Teams Correlate to Less Secure Code
Larger teams mean more weaknesses and vulnerabilities. It’s hard to say what the ideal team size is. But research shows that Chromium files with 9 or more developers were 68 times more likely to have a vulnerability, and Apache web server files with 9 or more developers were 117 times more likely.
Excessive Work Hours Affect Performance
Research-based guidelines in aviation and medicine indicate that people engaged in safety-critical work should not work more than 11 hours per day. It is well-known that human performance degrades significantly as people work long periods of time.
The Time of Day Code Is Written Matters
Code churned between midnight and 8 AM and noon to 4 PM have files with more vulnerabilities.
Team Location Does Not Influence Code Security
Research conducted by Microsoft found no difference in software security between teams in the same building, cafeteria, campus, locality, or even continent. Distributed teams and co-located teams had essentially the same number of post-release failures. This is good to know as we now live in a remote working environment.
- WannaCry Ransomware Explained
- COVID-19 has created demand for cyber security personnel - IT Governance UK Blog
- Zero Day Initiative — CVE-2020-16939: Windows Group Policy DACL Overwrite Privilege Escalation
- CVE-2020-16939
- Employees Aware of Emailed Threats Open Suspicious ...
- A survey of 1,000 employees finds 96% of employees are aware of digital threats, but 45% click emails they consider to be suspicious.
- Sooty - A SOC Analysts Tool - Part I - Security Boulevard
- Qualys severity vs CVSS - The Silicon Underground
- Sysadmin Stories: PowerCLI - Optimizing Scripts
- Erman Arslan's Oracle Blog: ODA -- All MMONs die at random times and DBs down / investigation
- CISM certification guide: Requirements, prerequisites, and cost | CSO Online
- Keeping A (log)Watchful Eye on Your VPS With logwatch - Low End Box
- Healthcare Exchange Standards: Patient Generated Health Data
- DeployHappiness | The Best Trick I’ve Learned This Year
- The Five Love Languages- It's More Complicated Than You'd Think | Penniless Parenting
- DIY wood crate shelves - The Silicon Underground
- Forensic Investigation: Shellbags
- 7 steps to ensure a successful CISO transition | CSO Online
- 1. Be open, candid, and positive
2. Create a transition plan
3. Brief the new CISO on business and security activities
4. Provide documentation of security tools and practices
5. Be honest but factual about organizational and staffing issues
6. Involve stakeholders in the onboarding process
7. Step away, but follow up
- Terence Luk: PowerShell script to extract ObjectGUID, convert to Base64 encoded string, and assign immutableID for Azure AD account for hard matching with AD Connect
- Principal Component Analysis (PCA) in Oracle « Oralytics
- How NLP is Transforming Cyber Risk and Compliance - Security Boulevard
- Digital Forensic Basics: an analysis methodology flow chart | Andrea Fortuna
- How to Leverage Nessus Scan Reports for Better Vulnerability Assessment - Blog | Tenable®
- Proxmox device passthrough - Networkshinobi
- Install Home Assistant on ESXi-ARM - ivobeerens.nl
- Upload OVA to Proxmox/ KVM – JamesCoyle.net Limited
- Importing OVA file to Proxmox 6.1.3 - Networkshinobi
- Decoder++ - An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats
- Manuka - A Modular OSINT Honeypot For Blue Teamers
- Putting open values into management practice | Opensource.com
- Kubernetes the hard way | panticz.de
- HPE addresses critical auth bypass issue in SSMC consoleSecurity Affairs
- Hacking HTTP CORS from inside out: a theory to practice approach | by Lucas Vinícius da Rosa | InfoSec Write-ups | Oct, 2020 | Medium
- Nessus Essentials with offline registration and plugin updates | Alexander V. Leonov
- Cyberattacks against machine learning systems are more common than you think - Microsoft Security
- Erman Arslan's Oracle Blog: ODA as a Weblogic Appliance ? Or is it better to consider PCA?
- Analyse Linux (syslog, auditd, ...) logs with Elastic
- Microsoft Teams phishing campaign targeted up to 50,000 Office 365 usersSecurity Affairs
- The 20 Best Java Courses for Beginners and Experienced Programmers
- DEF CON 28 Safe Mode BioHacking Village - Meg Doerr's 'Cybersecurity Informed Consent 4 Medical Devices' - Security Boulevard
- Certifications: Preparing for and passing CCSP! - Syspanda
- Risks cannot be eliminated, there will always be residual risk
Human Life is the most valuable (ALWAYS)
Security everyone’s responsibility
If it’s not necessary to your business or function, get rid of it (otherwise it will create a liability for your organization)
ISC2 exams are international, keep in mind that international based-answers are better than regional answers (Perfect example is GDPR which applies to multiple countries)
If it can’t be measured, it can’t be managed
Regulations & Laws should be treated as additional risks
If you develop/design anything with Security as an initial consideration and throughout it’s lifecycle, it will make things easier & more cost effective
Thorough testing (e.g. DAST/SAST) will always find a problem (Specifically in SDLC).
Separation of duties will always be the best answer (No self audit)
Chain of Custody should always be established first and maintained
Risk Assessment is never-ending
Think like a manager when answering most questions (In terms of governance), but have a thorough understanding of technology to be in a position to suggest potential solutions to problems.
Top bottom Develop a security culture from Top to bottom (Always have buy-in from the top)
Make sure you read the question thoroughly. Some of the questions are lengthily as they’re scenario based; however, focus on the key terms such as “Which one is the best, Which one is NOT” so you don’t jump ahead.
You may mark questions during the exam and come back to them later, don’t waste your brain power in tackling confusing questions. Sometimes other questions might give you the answer or make your brain remember that particular concept better.
- AutoGadgetFS - USB Testing Made Easy
- Five worthy reads: Preparing an incident response plan for the pandemic and beyond - Security Boulevard
- Book Review: Twilight of Democracy - Open Canada
- “Democracy is not about instant gratification. It’s about sifting and balancing. In other words, the features that make democracy successful also make it dull, even alienating. But why is it in such acute crisis today?”
- Formative assessment in the computer science classroom - Raspberry Pi
- The No People - Furrygoat
- Centralize and Automate your AppSec or Risk Being Buried Alive! - ZeroNorth
- PowerShell: Check if Program or Update is Installed and Download with BITS and Install - The Grim Admin
- Directory Traversal — Web-based Application Security, Part 8 - Security Boulevard
- 6 top risk factors to triage vulnerabilities effectively - Security Boulevard
- Out of the 787 Common Vulnerabilities and Exposures (CVEs) published by Microsoft 2019, 731 of them had a severity rating of seven or above.
- What Really Matters In Your Personal Finances — My Money Blog
- If you’re young, how much you save
If you’re retired, how much you spend
How you behave when markets panic
Your allocation between stocks and bonds
How much you pay in fees
- What is a database backup (back to the basics) - Blog dbi services
- 8 New and Hot Cybersecurity Certifications for 2020
- Certified Data Privacy Solutions Engineer (CDPSE)
Certified Information Privacy Technologist (CIPT)
Certified Ethical Emerging Technologist (CEET)
CyberSec First Responder (CFR)
• Cloud security certifications from Amazon Web Services, Microsoft Azure, and Google.
• Infrastructure certifications from vendors like Cisco and Palo Alto Networks.
• Product certifications from vendors that apply to specific controls: vulnerability management, privileged access management, and security event information management.
Certified Kubernetes Security Specialist (CKS)
Certified Information Systems Security Professional (CISSP)
- Open Education and Artificial Scarcity in Hard Times | Electronic Frontier Foundation
- Cybercrime: It’s Not About How, But Why? | BehavioSec
- Corporate Botnets: It is estimated that 70% of computers that belong to “botnets” (computers under the control of “botmasters”) are behind corporate firewalls. The average duration of a botnet-controlled computer is only three to six months; however, the recidivism rate for the same computers to return to botnet control is more than 50%.
Outdated Software Vulnerabilities: From audits of large and small organizations, both public and private, more than 80% of computers, network devices, and related services applications have outdated software – with known or identifiable weaknesses either because of improper configuration or inventory lethargy.
IT Staff Turnover: Additionally, the average tenure of an information technology or services staff member in a distinct functional role is less than one year; while related pay and benefits change only approximately every three to five years.
- Weird: Wrong Subnet Mask Causing Unicast Flooding « ipSpace.net blog
- A CISOs Guide to Digital Transformation
- NSA Top Secret History of Computer Security | flyingpenguin
- The Most Innovative ~$50 Graphics Card For Linux Users - Phoronix
- New Report on Police Decryption Capabilities - Schneier on Security
- Why ransomware has become such a huge problem for businesses - TechRepublic
- Secure NTP with NTS - Fedora Magazine
- DEF CON 28 Safe Mode BioHacking Village - Dena Medelsohn's & Jen Goldsack's 'Redefining Patient Safety' - Security Boulevard
- Let’s build a high-performance fuzzer with GPUs! | Trail of Bits Blog
- Considerations for Starting a NIST CSF Assessment - Security Boulevard
- Catching Lazarus: Threat Intelligence to Real Detection Logic - Part Two
- How to check TLS/SSL certificate expiration date from command-line - nixCraft
- Security and Compliance in vSphere 7
- Internet Explorer: No more support for Microsoft accounts and apps | Born's Tech and Windows World
- Powershell – List Domain users as local admins on member servers | geekdudes
- Securing Postgres connections using Let’s Encrypt certificates | Logan Marchione
- Getting Big Things Done - Marc's Blog
- Checking SSL/TLS Certificate Expiration Date with PowerShell | Windows OS Hub
- vSphere 7’s vCenter Server Identity Provider Federation feature allows for MFA - The things that are better left unspoken
- Securing Internet-Connected Devices in Healthcare | Gurucul Solutions
- Safeguarding Our Health Information in a Global Pandemic - Security Boulevard
- Securing DevOps Using Deception and Denial - Security Boulevard
- Why More Cybersecurity Threats Since WFH?
- Implementing a zero-trust model: The key to securing microservices
- Active Directory: Explained
- Problem Solving - Lessons From Teaching Cybersecurity: Week 4
- Cyber Risk Management: Protecting Data, Infrastructure and People | Axio
- Montréal Public Transport Agency Discloses Ransomware Attack
- The 11 Hottest Cybersecurity Certifications In 2020
- Certified Information Security Systems Professional (CISSP)
AWS Certified Security – Specialty
Certified Cloud Security Professional (CCSP)
ISACA Certifications – CISA, CISM and CRISC
OT Security Certifications
Palo Alto Networks - PCNSA and PCNSE
Systems Security Certified Practitioner (SSCP)
Certified Ethical Hacker (CEH)
SANS Institute Certifications
Cisco Identity Services Engine (ISE)
AV-Test And MRG Effitas
- Threat hunting (VI): hunting without leaving home. Creating our victim - Security Art Work
- Boolean Math (NOT Logic) – CISSP Domain 3 – Professionally Evil Insights
- ☀ How to Build an Arduino Data Logger ☀ | Underwater Arduino Data Loggers
- Got a problem? - NevBlog
- 4 Approaches to Securing Containerized Applications | Radware Blog
- 1. External threats – This very first one isn’t new; threats from external users from the internet transact with the application. This typical client-to-server traffic is also known as North-South traffic.
2. Lateral threats – In microservices, the focus shifts to the transfer of data packets from server to server, or microservice to microservice, within a data center or VPC. This internal communication is also known as East-West traffic. Securing East-West traffic is crucial to reduce surface available for malicious activity.
3. API Security – APIs are the main vehicle for East-West data exchange between microservices, using different protocols – REST, gRPC, GraphQL or others. The threats to APIs vary and include unauthorized access, protocol manipulations, denial of service and a wide range of bot attacks.
4. Open source – there are so many great tools, modules, and functions off the shelf; however, there’s no guarantee that they are tested or patched for security.
5. End-to-End encryption – Enterprises today are less tolerant of any form of cleartext communication and require SSL/TLS termination at the host level. This way, they avoid maintaining multiple certificates dispersed across multiple locations.
- 2020 Verizon Data Breach Investigations Report: Summary and key findings for security professionals
- Top 10 Application Security Best Practices - Security Boulevard
- Common Vulnerability Scoring System SIG
- 84% of Security and Development Professionals Believe ‘Security Champions’ Programs Can Improve Relationship Between Security and DevOps Teams - Security Boulevard
- The Baseline – Quick Fixes
- NSA details top 25 flaws exploited by China-linked hackersSecurity Affairs
- These include:
1) CVE-2019-11510 – In Pulse Secure VPNs, ® 7 an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability. This may lead to exposure of keys or passwords.
2) CVE-2020-5902– In F5 BIG-IP® 8 proxy / load balancer devices, the Traffic Management User Interface (TMUI) – also referred to as the Configuration utility – has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
3) CVE-2019-19781 – An issue was discovered in Citrix® 9 Application Delivery Controller (ADC) and Gateway. They allow directory traversal, which can lead to remote code execution without credentials.
4+5+6) CVE-2020-8193, CVE-2020-8195, CVE-2020-8196– Improper access control and input validation, in Citrix® ADC and Citrix® Gateway and Citrix® SDWAN WAN-OP, allows unauthenticated access to certain URL endpoints and information disclosure to low-privileged users
7) CVE-2019-0708 (aka BlueKeep) – A remote code execution vulnerability exists within Remote Desktop Services®10 when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests
8) CVE-2020-15505 – A remote code execution vulnerability in the MobileIron®13 mobile device management (MDM) software that allows remote attackers to execute arbitrary code and take over remote company servers.
9) CVE-2020-1350 (aka SIGRed) – A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests.
10) CVE-2020-1472 (aka Netlogon) – An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol (MS-NRPC).
11) CVE-2019-1040 – A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection.
12) CVE-2018-6789 – Sending a handcrafted message to an Exim mail transfer agent may cause a buffer overflow. This can be used to execute code remotely and take over email servers.
13) CVE-2020-0688 – A Microsoft Exchange® validation key remote code execution vulnerability exists when the software fails to properly handle objects in memory
14) CVE-2018-4939 – Certain Adobe ColdFusion versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.
15) CVE-2015-4852 – The WLS Security component in Oracle WebLogic 15 Server allows remote attackers to execute arbitrary commands via a crafted serialized Java object
16) CVE-2020-2555 – A vulnerability exists in the Oracle Coherence product of Oracle Fusion Middleware. This easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence systems.
17) CVE-2019-3396– The Widget Connector macro in Atlassian Confluence 17 Server allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
18) CVE-2019-11580 – Attackers who can send requests to an Atlassian Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution.
19) CVE-2020-10189 – Zoho ManageEngine Desktop Central allows remote code execution because of deserialization of untrusted data.
20) CVE-2019-18935 – Progress Telerik UI for ASP.NET AJAX contains a .NET deserialization vulnerability. Exploitation can result in remote code execution.
21) CVE-2020-0601 (aka CurveBall) – A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear that the file was from a trusted, legitimate source.
22) CVE-2019-0803– An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
23) CVE-2017-6327– The Symantec Messaging Gateway can encounter a remote code execution issue.
24) CVE-2020-3118 – A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload an affected device.
25) CVE-2020-8515 – DrayTek Vigor devices allow remote code execution as root (without authentication) via shell metacharacters.
- Patching all my environments with the October 2020 Patch Bundles
- The Cybersecurity Maturity Model Certification: Are ...
- Sopra Steria hit by cyber attack. IT services group suspected of falling victim to ransomware • Graham Cluley
- Forensic Investigation: Pagefile.sys
- Hacking Incident Has an Unusual Ending - HealthcareInfoSecurity
- Cybersecurity’s Inconvenient Truth: The Nation State Threat
- NTLMRawUnHide - A Python3 Script Designed To Parse Network Packet Capture Files And Extract NTLMv2 Hashes In A Crackable Format
- Pwndoc - Pentest Report Generator
- Zap-Hud - The OWASP ZAP Heads Up Display (HUD)
- Use Banner Grabbing to Aid in Reconnaissance & See What Services Are Running on the System « Null Byte :: WonderHowTo
- Beat the Toughest CMMC Level 3 Requirements: Logging and Alerting | Pivot Point Security
- Beat the Toughest CMMC Level 3 Requirements: Email Spam Protection and Sandboxing | Pivot Point Security
- Beat the Toughest CMMC Level 3 Requirements: End-to-End Encryption | Pivot Point Security
- Beat the Toughest CMMC Level 3 Requirements: Multifactor Authentication | Pivot Point Security
- Beat the Toughest CMMC Level 3 Requirements: Mobile Device Management | Pivot Point Security
- 3 Reasons You (Probably) Need to Rethink Your Cybersecurity | Pivot Point Security
- The noise is deafening.
Complexity is unmanageable.
Trust is fleeting.
- Life of Maze ransomware | Securelist
- ENISA Threat Landscape Report 2020 - Security AffairsSecurity Affairs
- How to Setup and Manage Log Rotation Using Logrotate in Linux
- Incremental backup with Butterfly Backup - Fedora Magazine
- How to Turn Your Raspberry Pi into a Video Conferencing Station - Make Tech Easier
- The Long Road to HTTP/3 · Scorpil
- DevOps: Principles and Practice
- How To Take A Screenshot Using Python & Selenium? | Codementor
- Start your Red Hat training and certification journey with a skills path that's right for you
- COBOL’s Enduring Usefulness and Digital Transformation | CIO
- GoAccess (A Real-Time Apache and Nginx) Web Server Log Analyzer
- Daisugi: The Japanese Forestry Technique of Creating a Tree Platform for Other Trees | Spoon & Tamago
- The Cyberlaw Podcast: Fight Like a Canadian - Lawfare
- We also talk about the unique Canadian talent for debate that is both bare-fisted and unusually polite.
- Check your Unified Auditing Policies after upgrading to Oracle 19c
- BSIMM11 Observes the Cutting Edge of Software Security Initiatives
- Rdiff-backup - A Local and Remote Backup Tool for Linux
- 5 ways AI is improving healthcare post-COVID
- 1. Increasing Diagnosis Accuracy
2. Enabling Faster Care
3. Monitoring Patient Conditions
4. Reducing Healthcare Costs
5. Improving Medical Research
- How to Install Mitre CALDERA and Configure Your SSL Certificate - Black Hills Information Security
- Disk usage on ODA - Free MB and usable MB - Blog dbi services
- The 4 pillars of Windows network security | CSO Online
- 1. Passwordless identity management
2. Patch management
3. Device control
4. Security benchmarks
- EthicsfIRST: Ethics for Incident Response and Security Teams
- How to build an ESXi on ARM Pi cluster? - ivobeerens.nl
- It’s Time for the Eternal September to End
- PatchChecker - Web-based Check For Windows Privesc Vulnerabilities
- Privacy and security concerns increase with remote work
- Why the concept of 'single pane of glass' in cybersecurity is a myth
- A Different Kind Of Skillset | The Automation Blog
- Open Up Wide with PowerShell • The Lonely Administrator
- iTWire - Auto equipment maker KYB hit by Windows NetWalker ransomware
- CSIS - Significant Cyber Incidents Since 2006
- Avoiding the snags and snares in data breach reporting: What CISOs need to know | CSO Online
- NSS Labs Shuttered
- Building an Effective Ransomware Mitigation Strategy
- Jennifer Ayers
- Privacy Roundup #17 | Andrea Fortuna
- ”A child born today will grow up with no conception of privacy at all. They’ll never know what it means to have a private moment to themselves, an unrecorded unanalyzed thought. And that’s a problem because privacy matters. Privacy is what allows us to determine who we are and who we want to be.” – Edward Snowden
- Webcast: Infosec Mentoring | How to Find and Be a Mentor & Mentee - Black Hills Information Security
- DEF CON 28 Safe Mode Red Team Village - Jonathan Helmus' 'Student Roadmap To Becoming A Pentester' - Security Boulevard
- debian-ansible -
- My test setup for my Ansible roles
- DEF CON 28 Safe Mode AppSec Village - Fredrick “Flee” Lee's 'What Bruce Lee Can Teach Us About AppSec' - Security Boulevard
- Past vs present vs future platforms - NevBlog
- Course Review: Reverse Engineering with Ghidra · System Overlord
- Graylog Monitoring Server on Ubuntu Linux for Monitoring Server/Services
- Born to Run: Is Running Outdoors Another Deeply-Embedded Human Desire? — My Money Blog
- How to show dropped packets per interface on Linux - nixCraft
- Linux security: Manipulating SELinux policies with Booleans | Enable Sysadmin
- Manage your Linux backups with Rdiffweb | Opensource.com
- Introduction to using firewalld on Oracle Linux 8 - YouTube
- 10 Practical Examples Using Wildcards to Match Filenames in Linux
- Kiwi TCMS - SEDC Academy For Software Testing is running Kiwi TCMS
- iTWire - Criminals leak Software AG data after Windows ransomware attack
- How to Boost the Productivity with Sublime Text Snippets
- ServiceNow Orders VMWare VMs Via Ansible Tower | Greg Sowell Saves The World
- Oracle Certified Master's - Blogs: RAC12cR2 : 12cR2 RAC Installation Step by step on Oracle Linux 7.4
- echo -e "o\nn\np\n1\n\n\nw" | fdisk /dev/sdb
echo -e "o\nn\np\n1\n\n\nw" | fdisk /dev/sdc
echo -e "o\nn\np\n1\n\n\nw" | fdisk /dev/sdd
echo -e "o\nn\np\n1\n\n\nw" | fdisk /dev/sde
echo -e "o\nn\np\n1\n\n\nw" | fdisk /dev/sdf
echo -e "o\nn\np\n1\n\n\nw" | fdisk /dev/sdg
echo -e "o\nn\np\n1\n\n\nw" | fdisk /dev/sdh
echo -e "o\nn\np\n1\n\n\nw" | fdisk /dev/sdi
echo -e "o\nn\np\n1\n\n\nw" | fdisk /dev/sdj
echo -e "o\nn\np\n1\n\n\nw" | fdisk /dev/sdk
echo -e "o\nn\np\n1\n\n\nw" | fdisk /dev/sdl
echo -e "o\nn\np\n1\n\n\nw" | fdisk /dev/sdm
- Book Review: Calling Bullshit - Thomas LaRock
- The chapters on numbers and nonsense, selection bias, and data visualization all struck a chord for me. The authors do a wonderful job of detailing their thoughts and using practical examples. And they don’t just tell you how to call bullshit, they remind you to do so in a respectful way, again with examples. Part of the problem when trying to refute bullshit tossed at you from your crazy uncle at Thanksgiving involves confirmation bias, a similar topic discussed in the social dilemma. You must find a way to separate identity from the topic being debunked.
- LDAP Indexes – Stuff I'm Up To
- B G P S T U F F . N E T
- How to Reduce Windows.edb Huge File Size? | Windows OS Hub
- Bill Gates Answers: "Why Should We Hire You?"
- The Tech Informative Side Chat on HPE Integrated Lights-Out (HPE iLO) - The Tech Journal
- Making Turkish Delight
- parchment
- Documentary Area - Simply the best Documentaries
- The Difficulties of Tracking Running Processes on Linux :: Tech Notes by Natan Yellin
- HP H240 (SAS3 HBA) 30 GBP from EU seller / 34 USD from US seller | ServeTheHome Forums
- 1. Download the offline SSA iso
https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_321a88714bff4279abf175b9bd
2. Boot from the ISO in SSA CLI mode
3. Get the serial numbers and copy the serial numbers
ctrl all show
4. Set to HBA mode
ctrl serialnumber=SERIAL modify clearconfigdata
ctrl serialnumber=SERIAL modify clearnvram
ctrl serialnumber=SERIAL modify bootvolume=clearprimary
ctrl serialnumber=SERIAL modify bootvolume=clearsecondary
ctrl serialnumber=SERIAL modify raidmode=off
- Linux vulnerabilities: How unpatched servers lead to persistent backdoors - Security Boulevard
- Infographic: The CIS Top 20 Controls Explained
- DDLC - Detection Development Life Cycle - Security Boulevard
- Can We Have “Detection as Code”? - Security Boulevard
- Focus on Fixing, Not Just Finding, Vulnerabilities - Security Boulevard
- 6 MongoDB GUIs that Shine - LinuxLinks
- Smokeping notes | Nelson's log
- Oracle Database Appliance vs Oracle Cloud Infrastructure - Blog dbi services
- What is the HIPAA Security Rule
- Advanced Active Directory attacks: Simulating domain controller behavior - ManageEngine Blog
- A Low Effort Guide to Keeping Tabs on Your Security Posture | Balbix
- NERC Publishes Practice Guide for Assessing SVCHOST.EXE
- Prune the Sprawl. Get Better AppSec. - Security Boulevard
- What will CMMC compliance cost my business? - PreVeil
- Tyler Technologies’ Clients Urged to Reset Remote Network Passwords after Ransomware Attack - Security Boulevard
- Five worthy reads: The evolving employee experience - ManageEngine Blog
- Cybersecurity Maturity Model Certification (CMMC) In-Depth - Security Boulevard
- The Top 5 Needs of DAST Testing
- Black Box Testing: What You Need to Know - Security Boulevard
- The Best Way to Manage SSH Keys | Keyfactor - Security Boulevard
- Are you listening to your logs? Part 4: Open ports - ManageEngine Blog
- 8 of the world's biggest insider threat security incidents
- The Importance of Listening - Security Boulevard
- Top 5 takeaways from the latest Kubernetes security report - Security Boulevard
- 1) 83% of organizations have a DevSecOps initiative
2) 29% of respondents consider the Security team to be responsible for Kubernetes security, followed by DevOps at 23%
3) 90% of respondents have experienced a security incident in Kubernetes environments
4) AWS Outposts, Microsoft Azure Arc, and Red Hat OpenShift are neck and neck for hybrid deployments
5) Nearly half of organizations have delayed deploying apps into production due to security concerns
- Ransomware Cripples UHS Hospitals Across the Nation - Security Boulevard
- WTTR.in | Weather Forecast in the Terminal – CubicleNate's Techpad
- Lessons From Teaching Cybersecurity: Back to School Week 1
- 3 Years Later: The Equifax Breach - Security Boulevard
- Networking fundamentals (for Network security professionals) - Security Boulevard
- Storage Management Best Practices: Part 2 - Expand Storage with Ease - Security Boulevard
- What the Building In Security Maturity Model (BSIMM) Says About the Role of SAST and SCA - Security Boulevard
- Higher Education and CMMC: Seven top of mind questions.
- 1. Will fundamental research be exempted from CMMC?
2. Does my entire institution need to be CMMC certified?
3. How will primes flow down their CMMC level requirements to their subcontractors?
4. Who will pay for the costs to comply with CMMC?
5. When will university-based labs and other research facilities conducting DoD-sponsored research need to be CMMC certified?
6. How can university-based labs and other research facilities subject to CMMC mandates communicate across boundaries to non-CMMC certified labs, enclaves, campus services, etc?
7. How can I find answers to additional questions?
- What is a Cyber Risk Assessment? | Axio
- McSweeney: Soheil Rezayazdi And His Marvelously Nihilistic Password Security Questions - Security Boulevard
- What is the name of your least favorite child?
In what year did you abandon your dreams?
What is the maiden name of your father’s mistress?
At what age did your childhood pet run away?
What was the name of your favorite unpaid internship?
In what city did you first experience ennui?
What is your ex-wife’s newest last name?
What sports team do you fetishize to avoid meaningful discussion with others?
What is the name of your favorite canceled TV show?
What was the middle name of your first rebound?
On what street did you lose your childlike sense of wonder?
When did you stop trying?
- Cybersecurity best practices: An open letter to end users - TechRepublic
- When in doubt, don't do it. Such generalities could leaving you staring blankly at your monitor and unable to function, so here are specific security best practices.
Don't click suspicious links. If you don't know if a link is suspicious, ask.
Don't install any software on your PC or phone unless it comes from the operating system's built-in software store.
Don't install browser add-ons unless they are sanctioned by your company.
Don't visit websites that seem dodgy. What is a dodgy website? Products advertised on social media, sites that advertise products or services that sound too good to be true, sites that want to install applications on your computer, or any domain found on a list like the Fake Sites Database.
If you absolutely must visit a dodgy site (say you're doing research for your marketing department and want to know why a product is listed as must have), do it on a tablet that can easily be reset to factory default and doesn't contain company data.
Update your passwords with really strong ones that you can't memorize. I know that's a pain, but there's a solution: Ask your IT staff about how to use a password manager.
Don't open email attachments that haven't been checked by your antivirus.
Don't open text messages from unknown senders.
- 9 data security trends IT departments should expect in 2021 - TechRepublic
- 1. Remote work is the top concern.
2. Data breaches are four times more common for companies that allow access to company data.
3. Data classification alone is not sufficient.
4. Phishing schemes are spiking and becoming more harmful.
5. A third of employees hit by account takeovers.
6. Improved authentication methods.
7. Ransomware affected 28% of businesses.
8. VR/AR use nearly triples.
9. 86% of organizations are more concerned about data privacy.
- Building Resilient IT Systems: Why Federal and Enterprise Leaders Should Consider NSTAC Recommendations - Blog | Tenable®
- Deploying Your Industrial Cybersecurity: 4 Tips For Success - Blog | Tenable®
- ‘OT Anywhere’: Gain remote visibility into your OT infrastructure
Achieve a single view of all your IT and OT vulnerability data
Streamline your traditional OT security deployments
The freedom to choose
- A Day in the Life of a Business-Aligned Cybersecurity Leader - Blog | Tenable®
- The SANS paper details the following as being among the most important responsibilities carried out by most CISOs:
Act as the organization's representative with respect to inquiries from customers, partners, and the general public regarding the organization's security strategy.
Act as the organization's representative when dealing with law enforcement agencies while pursuing the sources of network attacks and information theft by employees.
Balance security needs with the organization's strategic business plan, identify risk factors, and determine solutions to both.
Develop security policies and procedures that provide adequate business application protection without interfering with core business requirements.
Plan and test responses to security breaches, including the possibility for discussion of the event with customers, partners, or the general public.
Oversee the selection testing, deployment, and maintenance of security hardware and software products as well as outsourced arrangements.
Oversee a staff of employees responsible for organization's security, ranging from network technicians managing firewall devices to security guards.
- Writing Security Advisories: 5 Best Practices For Vendors - Blog | Tenable®
- 1. Disclose specific vulnerability details
2. Identify affected versions and devices
3. Clearly explain the remediation options
4. Format your information for both humans and machines
5. Improve accessibility with a centrally indexed dataset
- Threat hunting (IV): hunting without leaving home. Jupyter Notebooks - Security Art Work
- An Uncommon 20 Years of Commonly Enumerating Vulns
- 16 Reasons to use Third Party Cloud Security and not Salesforce Shield - Security Boulevard
- 1. With Shield, you are fully responsible for backing up data and tenant secrets.
2. Existing data is not automatically encrypted when you activate Shield.
3. Salesforce Customer Support may see protected data in plaintext if granted login access.
4. Some custom fields can’t be encrypted by Shield.
5. Shield can’t encrypt standard fields if portals are activate.
6. Shield can’t identify duplicate accounts and contacts when they’re encrypted.
7. Bounce processing doesn’t work if you encrypt the standard email field.
8. Campaign member search isn’t supported when you search by encrypted fields.
9. Reports charts and dashboard components that display encrypted field values might be cached unencrypted.
10. Shield’s self-service background encryption doesn’t support description fields, long and rich text area fields, and other data elements such as files and attachments.
11. Self-service background encryption can encrypt data once every seven days.
12. Encryption doesn’t run while statistics are being gathered.
13. Encrypted fields can’t be used in criteria-based sharing rules, external lookup relationships, or filter criteria for management tools.
14. Web-to-case is supported, but the Web Company, Web Email, Web Name, and Web Phone fields are not encrypted at rest.
15. Deterministic encryption isn’t available for custom data, date/time, long text area, rich text area, or description field types.
16. With SecurDPS from comforte, you don’t have to worry about any of the above.
- Top 5 Cybersecurity Frameworks to Secure Your Organization | Axio
- NIST CSF
CIS 20
ISO/IEC 27001
C2M2
CMMC
- How to Automate a Ransomware Response in 5 Steps - Siemplify
- What's New in Security, Part 2 - The Akamai Blog
- What's New in Web Security - The Akamai Blog
- Automate Reporting Across Directory Endpoints - JumpCloud
- 7 Reasons to Schedule Your Next Penetration Test | Digital Defense, Inc.
- 1. Achieve Compliance from Regulators and/or Auditors with Penetration Testing
2. It’s a Security Best Practice to Pen Test after System Changes
3. Determine if Potential Vulnerabilities are Exploitable
4. Give Your Customers Security Assurance
5. Test Your Incident Response Preparedness
6. Demonstrate Security Posture to Key Stakeholders
7. Avoid the Cost of a Breach or Ransomware Attack
- ‘Inconvenient’ Cybersecurity Policies Put Healthcare Organizations at Risk - Security Boulevard
- Understanding the Shared Responsibility Model | Radware Blog
- Seven Active Directory Security Tips from The Experts | Enzoic
- 1. Meeting NIST Guidelines: Following Industry Best Practices
2. Hardening Passwords Part 1: Reducing Complexity and Eliminating Periodic Password Reset
3. Hardening Passwords Part 2: Using a Blacklist, and Why Static Isn’t Good Enough
4. MFA: Using it Effectively, When you can, Where you can
5. Have Two Accounts: Divide and Conquer
6. Disabling Local Accounts: Where Less Is More
7. Monitoring Your System: Knowing What is Normal
- Personal and Medical Information of Children and Adults Stolen in DHS Data Breach - Security Boulevard
- Why is Threat Detection Hard? - Security Boulevard
- The Content Value Hierarchy (CVH) | Daniel Miessler
- Orbital edge computing: nano satellite constellations as a new class of computer system | the morning paper
- Color Table Series Part 3 : The Colortab package – texblog
- Control the width of table columns (tabular) in LaTeX – texblog
- Ryuk’s Return – The DFIR Report
- Image processing in Java
- U.S. GAO - Data Security: Recent K-12 Data Breaches Show That Students Are Vulnerable to Harm
- Don't Become A Developer, But Use Their Tools - Packet Pushers
- A first look at Tanzu Basic (part 1): introduction | viktorious.nl – Virtualization & Cloud Management
- Questions for Job Hunters | Diary of a Network Geek
- How many users? And how are they distributed at multiple locations? (IE. How many end users in what city and state?)
How many people are going to be hired, ultimately, to be in the IT Department? (I generally think one support person per seventy-five or fifty end users is a good ratio, if I can swing it. I always seem to support more than that, but it’s a goal!)
What servers are they running? What do they all do?
Where do those servers reside? (ie. On-prem or offsite data center or cloud)
Are they ALL virtual? On what? If VMware, what version? What OS are the virtual machines running?
What kind of physical host or hosts are the virtual machines on? Is it a cluster? Is there shared storage (ie a SAN)?
If there is more than one site, how are the sites connected?
How is email being handled now? On-prem Exchange? Hosted? Office 365?
What is the IT budget currently? How do they expect to see that expand?
Where is the main business headquarters? What’s the commute if I’m coming from [part of town where I live]?
How have they handled COVID-19?
What problem am I being hired to fix? Why are they looking for someone?
What does the compensation look like? What are the benefits? Is there a 401k and how much matching is there? What does the health insurance look like? Is there a bonus structure and how is that determined?
How often are performance reviews done and what does that process look like?
- The Fundamentals of Zero-Trust Security for Schools | EdTech Magazine
- DEF CON Safe Mode AppSec Village - Mario Areias - Threat Modelling the Death Star - YouTube
- Vulnerability Management Maturity Model Part II | Jonathan Risto | SANS Institute
- 40 Useful Examples of Linux PS Command for Aspiring SysAdmins
- Linux permissions: SUID, SGID, and sticky bit | Enable Sysadmin
- CS50x - Introduction to the intellectual enterprises of computer science and the art of programming.
- IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle ThemSecurity Affairs
- Categorization of System Vulnerabilities
Inexperienced users: the greatest vulnerability
The Flaws in Manufacturing Process
Irregular Updates
Shadow IoT Devices
- Wherever You Do Business, CMMC is Coming | Pivot Point Security
- How to Use PowerShell to Reboot Remote Computers
- BleedingTooth Linux Exploit Can Lead to Remote Code Execution Within Bluetooth Range | HotHardware
- BleedingTooth
- Introducing the Open Governance Network Model - The Linux Foundation
- iTWire - Dark web sec firm lists more than 800 ransomware attacks in last 12 months
- bpytop might be the freaking-coolest way to monitor your Linux system | GamingOnLinux
- Using the RVTools import feature in the VMC Sizer – Patrick Kremer
- Microsoft closes vulnerability CVE-2020-17022 in HEVC codec library (10/15/2020) | Born's Tech and Windows World
- CVE-2020-17022
- Healthcare organizations growing more concerned about insider threats
- Windows “Ping of Death” bug revealed – patch now! – Naked Security
- Building an Information Security Program Post-Breach Part III | Joe Sullivan | SANS Institute
- The G7 expresses its concern over ransomware attacksSecurity Affairs
- Windows Incident Response: Settings That Impact The Windows OS
- Windows Incident Response: #OSDFCON
- The Ruthless Cyber Chaos of Business Recovery
- Cyber insurance: A guide for businesses - IT Governance UK Blog
- Azure Security Benchmark v2: What you need to know | CSO Online
- Building a Ransomware Incident Response Plan - HealthcareInfoSecurity
- A case for moving to an 'agile operating model'
- France’s Health Data Hub to move to European cloud infrastructure to avoid EU-US data transfers | TechCrunch
- VMware ESXi 7 No Coredump Target Has Been Configured.
- Best Free and Open Source Linux Partitioning Tools - LinuxLinks
- Software AG Continues Efforts Against $20M ...
- Upgrade to Oracle 19c - performance issue - Blog dbi services
- Senator Demands Answers on Universal Health Services Outage
- AlienVault: End user Devices Integration-Lab Setup (Part 2)
- SIEM Lab Setup: AlienVault
- Health Data Breaches in 2020: Ransomware Incidents Dominate
- Java: Check Version, Update or Uninstall Using PowerShell | Windows OS Hub
- Product Management: Why internal product feedback matters – The curious Kabri
- DRBD and LVM – Stuff I'm Up To
- Nginx SSL Certificate Error – Stuff I'm Up To
- Ansible, Windows and PowerShell: the Basics – Part 14, Registry Entries – Jonathan Medd's Blog
- Ansible, Windows and PowerShell: the Basics – Part 15, Install Chocolatey Packages – Jonathan Medd's Blog
- Getting Started with PowerShell 7 – Ebook Available – Jonathan Medd's Blog
- AZ-400 Azure DevOps Exam Experience – Jonathan Medd's Blog
- Top Ten Things That Should Be In Your Dot Files - Low End Box
- IT That Should Just Work: vCenter 6.7 Resizing Disk Fails Invalid Operation for Device 0
- Cruise provider Carnival confirms ransomware attack with data exfiltration | Born's Tech and Windows World
- Running Falco and k3s at the edge with 64-bit ARM
- Sales Tax Jurisdictions by State, 2020 | Tax Foundation
- Ultra low cost webcam studio | Daniel Pocock’s personal blog
- Oracle Database 12.1.0.2 certified on Oracle Linux 8 and RHEL8
- Image Deduplicator - find duplicate images - LinuxLinks
- Introducing VMware Cloud Disaster Recovery (VCDR) - CormacHogan.com
- How To Harden a backup repository on Windows | ESX Virtualization
- We might do a post on the same, but for Linux in the future.
Tip 1 – Do not join in Microsoft Domain – In any case, do not join your Windows backup server to Microsoft AD. Just leave the server completely as a side system. Keep the default Workgroup or change to something else. Also, you should perhaps name the server with a generic name instead of “BackupSRV01” or something like this. Use a completely generic name that hackers won’t guess that this is the backup server.
Tip 2 – Use Simple Approach – Use simple design and close all network ports via the internal firewall, except those needed for your backup software. Remove all unneeded components from the Windows server, such as web browsers, java, adobe reader and this kind of stuff. Maintain the server as usual with all Windows security patches and protect it with AV/Malware software.
Tip 3 – Roles and Users – use the principle of least privilege. Give the minimal privilege needed for some operation to occur. You should make sure that all accounts do have a specific role and they are added to a specific group. If your organization has several backup admins, give each one specific account and put them in a group. Only give access to what is needed for the backup management or backup job. Limit users who can use Remote Desktop Protocol (RDP) and if possible, set-up a 2-factor authentication.
Tip 4 – Set permissions on the repository folder – you should grant access on this directory only to the users of the backup software. After you add the user administrative account on the security tab of the disk(s) where backups will be stored, you can open the advanced security settings and change the owner.
Tip 5 Disable remote RDP service – Quite often, the server hosting the backup is physical machine. It is an extra security layer that nobody can connect remotely to this server and that the physical location of this machine is protected. You should use physical access only or a KVM-over-IP switch to access this machine when located in remote datacenter.
Tip 6 Clean Install of backup server stored as Image – even backup server should have backup of itself. After installing and configuring this backup server, install the backup software and configure the hardening options as listed above. Then use an image level backup software type Acronis, Ghost etc, and do a clean image backup of the system partition. Like this, if this machine gets corrupted and unbootable, you can restore the system partition with hope that the data disks (which should be separate volume) are fine.
- 5 Steps to Harden vSphere Security: Cybersecurity Awareness Month - YouTube
- My Golden Image build using HashiCorp Packer – Retouw.nl
- Web of Trust, Part 1: Concept - Fedora Magazine
- Datalore by JetBrains: Online Jupyter Notebooks Editor With PyCharm’s Code Insight – PyCharm Blog | JetBrains
- Excellent Free Tutorials to Learn Factor - LinuxLinks
- Extracting Linux System and Hardware Info Using Python | FOSS Linux
- Using eBPF Monitoring to Know What to Measure and Why - Container Journal
- 11 Best Free and Open Source Linux System Profilers - LinuxLinks
- Combine Two JSON Files With PowerShell – Jonathan Medd's Blog
- Threat hunting (IV): hunting without leaving home. Grafiki - Security Art Work
- Ubiquiti Security Gateway failures | Nelson's log
- Five Cloud Security Considerations for CISOs - Security Boulevard
- 01. Web and Email Are the Most Common Entry Points for Breaches.
02. SSL Is a Major Threat.
03. Enterprise Apps Need to Be Protected from Untrusted Devices.
04. SaaS is the New Trojan Horse.
05. Limited Visibility Is a Security Killer.
- CMMC: The New Cybersecurity Standard for Defense Contractors - Security Boulevard
- Most Workers Not Interested in Switching to a Cybersecurity Role
- 43% of Global Employees Are Not Sure What a Phishing Attack Is - Security Boulevard
- Tyler Technologies finally paid the ransom to receive the decryption keySecurity Affairs
- Windows 10 2009 (20H2): The Biggest Features Explained
- Create an Ansible module for integrating your Google Calendar | Opensource.com
- Encrypt Cloud Storage With Open Source Cryptomator
- Cryptomator
- Oracle Linux 7 Update 9 Released with Kernel 5.4 and More
- 11 Best Free and Open Source Linux Debuggers - LinuxLinks
- JWT Heartbreaker offers remedy for weak JSON web tokens | The Daily Swig
- iTWire - Germany's Software AG hit by Windows Clop ransomware
- The Maw of Chaos - why time forecasting is so challenging?
- jmtd → log → Type design
- Manage your Business with a Complete Software Solution - LinuxLinks
- How do you access the Dark Web Safely After Following The Simple Tips
- How to Install Nessus on Kali Linux step by step Tutorial for Beginners
- vPrioritizer - Tool To Understand The Contextualized Risk (vPRisk) On Asset-Vulnerability Relationship Level Across The Organization
- Goals and Philosophy
To overcome above challenges, vPrioritizer is designed with primary objectives as below:
Centralized - must serve as single-pane-of-glass for vulnerability management
Automated - any and every task which can be automated, must be automated
Community Analytics - utilization of community analytics to mature the prioritization algorithm over the period of time
- C41N - An Automated Rogue Access Point Setup Tool
- How to Manage Your VMware vSphere Environment with PowerShell | ESX Virtualization
- Using Ansible To Create DNS Certificates And Install Them On F5 Big IP Loadbalancers | Greg Sowell Saves The World
- Using Ansible to interact with web endpoints | Enable Sysadmin
- PXE Install Ubuntu 16.04. Using PXE Linux to install Ubuntu 16.04 Server
- GitHub - philhagen/sof-elk: Configuration files for the SOF-ELK VM, used in SANS FOR572
- Essentialism: The mindful pursuit of quality
- McKeown's philosophy comprises three steps.
1. Explore and evaluate. An essentialist, he says, exposes herself to new ideas. She's curious. She explores the world and everything it has to offer. As she does, she evaluates the objects and opportunities that come her way, trying to identify those that are most aligned with her goals.
2. Eliminate. It's not enough to explore and evaluate, though. An essentialist also has to learn to say no. As he explores and evaluates, he has to reject anything that distracts him from his purpose. “It's not enough to simply determine which activities and efforts don't make the highest possible contribution,” McKeown says. “You sill have to actively eliminate those that do not.” This step is tough for me.
3. Execute. Finally, an essentialist must take action. He needs to develop a plan and follow through with it. From the book: “This is not a process you undertake once a year, once a month, or even once a week…It is a discipline you apply each every time you are faced with a decision.”
- Building an Air Quality Sensor – Scott Gruby's Blog
- Ten things you should know about Azure AD Administrative Units - The things that are better left unspoken
- Introducing the Privileged Identity Management Tools PowerShell module (PIMTools) | Jan Egil Ring powershell.no
- 5 Lessons About Software Security for Cybersecurity Awareness Month - Security Boulevard
- 1. Lack of developer participation in and engagement with security training is a problem.
2. It???s nearly impossible to have effective AppSec without integrating into developer workflows.
3. Open source code is pervasive, vulnerable, and typically not checked for security.
4. You could be pulling in more open source code than you think.
5. The majority of open source flaws are pulled into the code indirectly.
- Video Conference Equipment Breakdown | The ORACLE-BASE Blog
- Build a resilient cybersecurity framework by transforming your IT team into a security team - ManageEngine Blog
- Must-Read: The 10 Best Cybersecurity Books You Need to Know About
- Mary Aiken’s ‘The Cyber Effect’
Christopher Hadnagy’s ‘Social Engineering’
Kevin Mitnick and His ‘Ghost In The Wires’
Sandworm by Andy Greenberg
Kim Zetter’s ‘Countdown to Zero Day’
‘Hack-Proof Your Life Now! The New Cybersecurity Rules’
Augenbaum’s ‘The Secret to Cybersecurity’
‘Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World’
Brian Craig and His ‘Cyberlaw: The Law of the Internet and Information Technology’
Buchanan’s ‘The Cybersecurity Dilemma: Hacking, Trust and Fear Between Nations’
- Small Businesses and Consumers Grossly Underestimate Danger of Cyberattacks - Security Boulevard
- Java Ransomware (Literally): Not Even Your Coffee Maker Is Safe - Security Boulevard
- VMware vSphere 7.0 Update 1 is now GA, here's how to download it any which way! | TinkerTry IT @ Home
- Setup an NGINX Ingress Controller on Kubernetes - Blog dbi services
- Upgrades : You have to do them. When are you going to learn? (TLSv1.2) | The ORACLE-BASE Blog
- Building an Information Security Program Post-Breach Part II | Joe Sullivan | SANS Institute
- 10 Years Since Stuxnet: Is Your Operational ...
- Inside Job: Former Worker Allegedly Holds Records for Ransom
- Disagree Agreeably
- I don't think I've ever heard the words "disagree agreeably" put together like that, but I instantly knew what he meant. It seems to me that the world would be a more pleasant and productive place all around if more of us would commit to disagreeing agreeably, instead of tending towards assuming the worst, over-reacting, and flaming each other when working through contentious issues.
- Best Crustless Apple Pies Recipe - How to Make Crustless Apple Pies
- Best Bloomin' Apples Recipe - How to Make Bloomin' Apples
- Best Gluten-Free Pumpkin Bars Recipe-How To Make Gluten-Free Pumpkin Bars—Delish.com
- Business continuity: things to consider - Security Art Work
- Guidelines for putting together a good report - Security Art Work
- Cloud: building from security - Security Art Work
- Threat hunting (III): hunting without leaving home. Kibana - Security Art Work
- Threat hunting (II): hunting without leaving home - Security Art Work
- What happened, Tiki-Wiki? XSS vulnerabilities, no thanks - Security Art Work
- Threat hunting (I): hunting without leaving home - Security Art Work
- Protect your network with open source tools | Opensource.com
- The Beginner Guide to Regular Expressions
- Essential components of a Linux-based air-gapped network | Enable Sysadmin
- AnsibleFest highlights Ansible momentum as IT automation becomes an enterprise imperative
- OpenWrt and SELinux [LWN.net]
- US House Passes IoT Cybersecurity Improvement ActSecurity Affairs
- FERC, NERC joint report on cyber incident response at electric utilitiesSecurity Affairs
- New to Chatbots? Understand Your Security Risk - Blog | Tenable®
- 5 Steps for Becoming a Business-Aligned Cybersecurity Leader
- Step 1: Make sure you understand your organization's business objectives for the year.
Step 2: Consider how those business objectives shape technology decisions.
Step 3: Work with business stakeholders to ensure your cybersecurity metrics incorporate business context.
Step 4: Prioritize your cybersecurity processes based on the learnings you've gained from the above steps.
Step 5: Communicate using benchmarks that make sense to your business stakeholders.
- Multiple Vulnerabilities in CodeMeter Leave Managed Industrial Control Systems Open to Attack - Blog | Tenable®
- US Cybersecurity Agency CISA Alert: Foreign Threat Actors Continue to Target Unpatched Vulnerabilities - Blog | Tenable®
-
CVE Product CVSSv3 Tenable VPR* Disclosed
CVE-2019-11510 Pulse Connect Secure 10.0 10 Apr 2019
CVE-2019-11539 Pulse Connect Secure 7.2 9.6 Apr 2019
CVE-2019-19781 Citrix Application Delivery Controller and Gateway 9.8 9.9 Dec 2019
CVE-2020-0688 Microsoft Exchange Server 8.8 9.8 Feb 2020
CVE-2020-5902 F5 BIG-IP 9.8 9.9 Jul 2020
- Communicating Business Risk: Why Existing Cybersecurity Metrics Fall Short
- Application-level Purple Teaming: A case study
- False Confidence is the Opposite of Cyber Resilience | Webroot
- Introducing LDAP C2 for C3
- Universal Health Services (UHS) hospitals hit by Ryuk ransomware attackSecurity Affairs
- Cyber Resilience for Business Continuity | Webroot
- 4 Ways MSPs Can Fine-Tune Their Cybersecurity Go-To-Market Strategy | Webroot
- 1. Build an Offering That Aligns with Your Customer’s Level of Cyber Resilience
2. Leverage Multi-Layered Security
3. Determine the Right Pricing Model
4. Rethink How You Engage Prospects
- University Hospital New Jersey paid a $670K ransomSecurity Affairs
- IoTMap - Research Project On Heterogeneous IoT Protocols Modelling
- Why master YARA: from routine to extreme threat hunting cases. Follow-up | Securelist
- VulnDB - Vulnerability Intelligence
- How to Attack Web Applications with Burp Suite & SQL Injection « Null Byte :: WonderHowTo
- NBlog - the NoticeBored/SecAware blog: NBlog Sept 24 - status of ISO27001 Annex A
- NBlog - the NoticeBored/SecAware blog: NBlog Sept 27 - 2021 infosec budget
- The Mysterious Case of the Missing 250-Ton Chinese Power Transformer
- Frp - A Fast Reverse Proxy To Help You Expose A Local Server Behind A NAT Or Firewall To The Internet
- File Integrity Monitoring (FIM): Your Friendly Network Detective Control
- Roger Severino, Lead HIPAA Enforcer, on Fighting Hackers
- How to perform a CNI Live Migration from Flannel+Calico to Cilium — Cilium
- Which database version can be used with Grid Infrastructure 19c?
- Understanding operational 5G: a first measurement study on its coverage, performance and energy consumption | the morning paper
- Best Thanksgiving Egg Roll Recipe - How to Make Thanksgiving Egg Rolls
- 2020 Vulnerability Fujiwhara: The Writing on the Wall – RBS
- Remote Audits: Continuous Compliance in WFH - Security Boulevard
- White Paper – The Skill Set Technologists Need to Implement a Privacy Risk Management Framework
- Kube-Score - Kubernetes Object Analysis With Recommendations For Improved Reliability And Security
- Network Boot To The Rescue | Showmax Engineering
- SystemRescue - PXE network booting
- Nextcloud 20: One private cloud to rule them all | ZDNet
- Build multi-architecture container images using argo workflow
- The 50 Best Programming Blogs and Websites To Follow in 2020
- 20 Years of FreeBSD Foundation: Interview With Deb Goodkin, Executive Director
- Windows 10: Disable Bing in the search | Born's Tech and Windows World
- Consensus is Harder Than It Looks - Marc's Blog
- 8 Simple Study Tips to Help You Learn More Efficiently – Education
- SCREEN_KILLER - Tool To Track Progress For Reporting (Capture Screenshot, Commands And Outputs) During Pentest Engagement And OSCP
- Your cyber security risk mitigation checklist - IT Governance UK Blog
- Install firewalls
Install antivirus software
Patch management
Conduct a cyber security risk assessment
Create an information security policy
Encrypt sensitive data
Create a remote working policy
Conduct vulnerability scans
Conduct penetration tests
Create a business continuity plan
- 7 overlooked cybersecurity costs that could bust your budget | CSO Online
- 1. Staff acquisition and retention
2. Cloud spend
3. Third-party advice and analysis
4. Incident response
5. Replacement cost
6. Cybersecurity training
7. Cyber insurance
- Building an Information Security Program Post-Breach | Joe Sullivan | SANS Institute
- Better, Faster AND Less Expensive Vendor Risk Assessments: Here’s How It Works | Pivot Point Security
- Up Your AppSec Game | OWASP Top 10 Versus the OWASP ASVS—When to Use Which? | Pivot Point Security
- the OWASP Top 10 is intended to be simply an awareness document to help you avoid coding the most blatant and dangerous vulnerabilities into your applications
The OWASP ASVS, on the other hand, is intended to be a definitive reference standard for secure web application development. It offers five levels of increasing security, and is built with modern coding and testing practices in mind.
- Money Talks | The Economics for CMMC Compliant Email and File Sharing | Pivot Point Security
- FTP Is Almost 50 Years Old—and It’s Ready to Retire
- OpenWISP: Open Source Network Management System
- NERVE - Network Exploitation, Reconnaissance & Vulnerability Engine
- OFFPORT_KILLER - This Tool Aims At Automating The Identification Of Potential Service Running Behind Ports Identified Manually Either Through Manual Scan Or Services Running Locally
- Home Made Pear Jam cooking Jonathans Blog
- GDPR Article 32: Your guide to the requirements - IT Governance UK Blog
- Will hospitals wake up to the threat of cyber crime after patient dies during a ransomware attack? - IT Governance UK Blog
- Healthcare sector to receive £500k cyber security funding boost - IT Governance UK Blog
- Chris's Wiki :: blog/unix/V7DeviceNumbersHow
- Warner's Random Hacking Blog: Old-school Disk Partitioning
- Chris's Wiki :: blog/tech/SSDsRAIDWearWorry
- How pre-DevOps Ops teams became cynical assholes - SysAdmin1138 Expounds
- If it's your job to clean up after other people's messes, you get cynical.
- 5 Nmap Timing Templates you should know
- Ransomware Groups Add a Third Threat Vector: DDoS | Daniel Miessler
- Operation Fortify: A US Ransomware Plan | Daniel Miessler
- Elite security intelligence at zero cost - use Recorded Future Express… for FREE! • Graham Cluley
- VULS- An Agentless Vulnerability Scanner
- Universal Health Services Network Outage: Lessons to Learn
- Anthem Hit With $48 Million in Additional Breach Penalties
- Microsoft: Hacking Groups Shift to New Targets
- What to expect on revised standard contractual clauses
- Anthem to pay $39.5M in settlement over 2015 data breach
- IAPP Keynote: Defending Democracy | LinkedIn
- List of data breaches and cyber attacks in September 2020 – 267 million records breached - IT Governance UK Blog
- Nanonote 1.3.0 released | agateau.com
- Docker Volumes, Mounting, and More – Linux Hint
- How to Check Linux Memory Usage – Linux Hint
- free -w
- Tmux Is Still Bloat: Use DVTM For Terminal Multiplexing - YouTube
- How Secure Are YOUR Passwords?
- Episode #284 Modern and fast APIs with FastAPI - [Talk Python To Me Podcast]
- What is a Package Manager in Linux?
- What it takes to be a transformational CISO | CSO Online
- How To Install and Configure Ansible on Debian 10 – TecAdmin
- FSF at 35 -- join us in celebrating the incredible community — Free Software Foundation — working together for free software
- 'Father of Identity Theft' Sentenced to 207 Months
- Four steps to securing sensitive data in the cloud
- 1. Revisit Policies to Understand Who is Responsible for Privacy and Security
2. Establish the Path for a Safe Data Pipeline
3. Deploy Dynamic, Comprehensive Privacy Controls
4. Create Protected Data Domains
- A practical guide to cloud migration
- Guided Learning - Wahl Network
- Passed AZ-303 and AZ-304 Microsoft Certified Azure Solutions Architect - Thomas Maurer
- Docker IP Address Error – Stuff I'm Up To
- Stacer - Linux System Optimizer & Monitoring Tool
- Tracking time with Timewarrior at the command line | Enable Sysadmin
- Docker Compose for Local WordPress Development – Lev Lazinskiy
- Why Does Eric Raymond Think Windows Will Lose Desktop War To Linux?
- Cybersecurity Canon | Cybersecurity & Digital Trust
- 9 Tips to Prepare for the Future of Cloud & Network ...
- The Risk of SaaS Defaults
For SaaS, Maintenance Is Key
Market for IaaS Security Continues Growth
Why Network Security's Future Is in the Cloud
SD-WAN Adoption Grows Alongside Cloud Uptake
Rethinking SOCs for the Cloud
Tech Tips for Stocking the SOC
Do You Need A SIEM? Exploring Options
- 4 Critical Things to Look for in Your Company's 401(k) Plan | The Motley Fool
- How To Get Into Cars: Hypermiling Mods | Hackaday
- Adversarial Interoperability | Electronic Frontier Foundation
- Cyber Pearl Harbor Is Happening Right Now—It's Ransomware | Daniel Miessler
- 71% Of Healthcare Medical Apps Have A Serious Vulnerability; 91% Fail Crypto Tests
- 5 top vulnerability management tools and how they help prioritize threats | CSO Online
- Packet Analysis Using Wireshark - YouTube
- Certified Kubernetes Administrator Study Guide - Wahl Network
- QEMU Virgil - Virtualization, acceleration, celebration
- Cyber Pirates Hit Global Shipping Industry Nearing Peak Season - Bloomberg
- Compare Multiple Videos/Images on Linux with This New GTK App - OMG! Ubuntu!
- Oracle Certified Master's - Blogs: Proxy User in Oracle Database
- 305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer | Threatpost
- Powershell – Get Active Directory objects inactive for X days | geekdudes
- Kubernetes componentsElectric Monk | Electric Monk
- Terence Luk: Export a certificate that does not allow the private key to be exported from a Windows Server
- Chris's Wiki :: blog/tech/HDAndSSDLifetimeThought
- Some grumpy sysadmins will also consider it a feature that if you put a system in a closet and leave it there for five or ten years, it will probably die instead of hanging around as an ancient zombie full of outdated things. The downside of this is for 'industrial' computers that are embedded into larger systems (including in things like hospital machinery, which are infamous for still running their embedded computers with long-obsolete operating systems). Perhaps the hardware vendors will just vastly over-provision the SSDs and then hope for the best.
- How To Set Up a Firewall with Awall on Alpine Linux - nixCraft
- Secure Controls Framework | Cybersecurity & Privacy Controls
- A Little Nut Magic | Cool Tools
- Blind hole – A hole that doesn’t penetrate the material all the way through. As opposed to a through hole which does go through.
Feel – The secret sauce of working the physical sciences. This is knowing things like how much force, pressure, tension, torque, etc. you can safely apply to a given object. This is largely a learned skill.
WDITOT -“Why Didn’t I Think Of That.” Not to be confused with ID10T, which is another thing entirely. [via Steve Roberts]
Welding boogers – Bad, ugly welds or a weld blob that has adhered someplace where you don’t want it.
- Microsoft Patch Tuesday September 2020: Zerologon and other exploits, RCEs in SharePoint and Exchange | Alexander V. Leonov
- Zer0CoolX · GitHub
- Networking 101: Transport Layer Security (TLS) - High Performance Browser Networking (O'Reilly)
- Offered Mid-Career Advice — EtherealMind
- Presentation tools - anarcat
- blog.harterrt.com – Intentional Documentation
- 6 ways to access documents from Microsoft Teams - SharePoint Maven
- A billion files
- Oracle ADB from a Jupyter Notebook - Blog dbi services
- Is This Retirement Account the New 401(k)?
- Turkish Vegan Recipe: How To Cook Mercimek Koftesi (Lentil Balls) - foXnoMad
- How to formally file a complaint against DoD for CMMC Issues
- The Cybersecurity War is Here, and Everyone is a Combatant
- Linked: The Cybersecurity War is Here, and Everyone is a Combatant
- “Can you generate new fingerprints and retinal scans when yours is stolen?
How long will it take your child to recover from the bad credit history that a third-party created when the kid was still in diapers?
How confident are you that during surgery, the medical records will accurately reflect known allergies and critical data? (like current use of blood thinners)
How many days can a business afford to be inoperable following a cyber incident?
Will you want to drive on a highway, going 70+ miles per hour, if all internet-connected vehicles were hacked in a coordinate attack?”
- Get-GpoReport: How to Build Fancy GPO Reports with PowerShell
- You Can’t Do Everything, And That’s Okay – Ethan Banks
- You’re a responsible human–a reliable person who does everything that’s expected and more. Congratulations! Here’s more work to do.
- How to Disable/Enable SMB v 1.0 in Windows 10/Server 2016? | Windows OS Hub
- Get-WinEvent -LogName Microsoft-Windows-SMBServer/Audit
- Considerations for the Structure of the Bureau of Cyber Statistics - Lawfare
- Need to know technologies for junior sysadmins | Enable Sysadmin
- Active Directory Objects and the PowerShell Pipeline • The Lonely Administrator
- Getting started with Exasol - Setting up an environment - Blog dbi services
- All You Need To Know For Selenium Testing On The Cloud | Codementor
- Encrypting Files with Ansible Vault - YouTube
- A Linux sysadmin's introduction to cgroups | Enable Sysadmin
- Heartbleed Still Found in the Wild: Did You Know That You May Be Vulnerable? | Linuxize
- How to Flash multiple USB sticks on Linux
- How To Identify Libraries that are Still Vulnerable to Attacks Aft
- Sniffer Air Quality (AQI) Monitor using ESP32 + PMSA003 + BME680 - Bootloader Blog
- Cyber attack with ransomware on US hospital operator UHS | Born's Tech and Windows World
- 5 Best DNS Servers (2020) - Free Public DNS For Speedy Connections
- 10 Best Free Lorem Ipsum Generators For Cool Placeholder Texts
- How to Install Jellyfin Media Server on Debian 10 Buster - LinuxBabe
- https://associates.shostack.org/A_PCI_Threat_Model_2020.pdf
- Solving the Problem With Security Standards
- "Don't deploy security controls — whether data security or others — unless you know what problem you are solving." - Anton Chuvakin
- Shopify's Employee Data Theft Underscores Risk of ...
- My Journey Toward SAP Security
- How to deliver a GPU powered Azure VM (example for CAD applications) with Windows Virtual Desktop
- What is Odoo? Odoo, More than an ERP Software - SpeedySense
- Classic Preupgrade Tool and Change of Server – Databases Are Fun
- 10 Traits of a Great Company Culture
- Can you quantify the damage done by bad patches? @ AskWoody
- All you need to know before buying a Raspberry Pi 4 – Marksei
- Soon Your Whole Life Will Be in Microsoft Teams, and That Might Not Be Good
- Developer Creates DOS Subsystem for Linux (DSL)
- Preventing insider threats: What to watch (and watch out) for | CSO Online
- What is Zerologon? And why to patch this Windows Server flaw now | CSO Online
- WannaCry Has IoT in Its Crosshairs
- 7 Non-Technical Skills Threat Analysts Should ...
- It's All About Your Company's Brand
Think Like the Bad Guys
Develop Personal Interests
Level Up Your Critical Thinking Skills
Watch Out for Analysis Paralysis
Build Relationships Within Your Organization
Speak in the Language of the Business
- Small business cyber security: the ultimate guide - IT Governance UK Blog
- How small organisations can fast-track ISO 27001 implementation - IT Governance UK Blog
- Wacker - A WPA3 Dictionary Cracker
- Velociraptor IR – Medium
- Velociraptor - Endpoint Visibility and Collection Tool
- PwnXSS - Vulnerability XSS Scanner Exploit
- Introducing “YAYA”, a New Threat Hunting Tool From EFF Threat Lab | Electronic Frontier Foundation
- Ransomware “Officially” Kills a Person | flyingpenguin
- Google Online Security Blog: Lockscreen and Authentication Improvements in Android 11
- Fortune 1000 Technology Insights | HackerTarget.com
- Threat Hunting: Velociraptor for Endpoint Monitoring (Part 2)
- Digital Forensics: An Introduction (Part 2)
- Digital Forensics: An Introduction
- HHS Issues Yet Another Big HIPAA Breach-Related Fine
- 'Dark Overlord' Hacker Sentenced to 5-Year Prison Term
- Virus vs. Worm: What’s the Difference?
- Eli Lilly security finds strength in flexibility in WFH shift | CSO Online
- LTO-9 Specs Reveal Compromise - IT Jungle
- The Dollars And Sense Of Business Continuity - IT Jungle
- Watch A Fast Sand Plotter Plow Patterns At Speed | Hackaday
- Zen Rock Garden Table Uses Magnets And Sand | Hackaday
- SandBot Happily And Tirelessly Rolls Patterns In Sand | Hackaday
- Hard Disk Drives Have Made Precision Engineering Commonplace | Hackaday
- Hard Drive Full? | PeteNetLive
- 12 Bare-Minimum Benchmarks for AppSec Initiatives
- Hacking Yourself: Marie Moe and Pacemaker Security
- Generating and Using SSH Keys, Part 3 - Low End Box
- Troubleshooting SAML 2.0 - SAML 2.0 trace with sec diag tool | It's full of stars!
- Chris's Wiki :: blog/sysadmin/RemoteRebootAllFine
- Making the Case for Medical Device Cybersecurity
- Sarah Katz
- Zerologon Exploits are used in the wild, patching (Windows Server, Samba) recommended | Born's Tech and Windows World
- Cloud Native or Cloud Nightmare? - Architecting IT
- Don't Claim Social Security Benefits Until You Can Answer These 3 Questions
- r spouse to decide how to maximize your combined Social Security income and, if you aren't certain what claiming strategy is best to do that, you may want to consider getting some professional financial advice.
- #PowerShell at #Microsoft #MSIgnite | >_
- Employees say finding information is harder when working from home
- Everyday Threat Modeling | Daniel Miessler
- The Psychology of Fraud: I want to believe | Pindrop
- Infosec Graduate Program - CERIAS - Purdue University
- How to Disable Ads on the Roku Home Screen – Jason Pearce
- Mirror, Mirror, On Your Cam, Show Us What You’ve Drawn By Hand | Hackaday
- Ryan Holiday's 33 Favorite Pieces of Advice for Life | Forge
- "Constraints Create Creativity." - NevBlog
- Qemu (KVM) and 9P (Virtfs) Mounts « etbe - Russell Coker
- Kubernetes: The evolution of distributed systems - Red Hat Developer
- Using bash’s shopt builtin to manage Linux shell behavior | Network World
- How to backup CD-roms to ISO format on Linux
- sudo dd if=/dev/sr0 of=file.iso
- 9 Best Free and Open Source Linux Hex Editors - LinuxLinks
- okteta
DHEX
- 7 things you can do with Ansible right now | Opensource.com
- Bandwhich: Bandwidth Tracking So Simple Anyone Can Use It - YouTube
- Cyphon: An Open-source Incident Tracking Management System for the Enterprise
- How to Manage Remote Teams Effectively – Running Your Business
- Adaptability: Your Most Essential Workplace Skill
- Oracle MAA reference architecture and HA, DR, RTO, RPO - Blog dbi services
- How and why I built a menu planning application: What's on the Menu? | Codementor
- TDE from a Non-Security Guy – Databases Are Fun
- Packer by HashiCorp : Second Steps? | The ORACLE-BASE Blog
- Just one more esxi-guy: How to Create a Basic Docker Container
- Just one more esxi-guy: How to Install and Use Docker
- Security awareness training needs to be interesting to be effective
- "The reality is that nobody is immune from attacks." says MediaPRO chief strategist Lisa Plaggemier. "It only takes one click, which can happen in the blink of an eye, before you even realize what you've done. Think of how quickly we all move through our email on busy days. Add to that the stress of COVID. Simply put, human beings are fallible. It’s critical that organizations provide engaging employee training that drives home just how much information is available about all of us."
- Cyberwarfare could be an imminent threat to organizations
- How COVID-19 could be the trigger for lasting innovation [Q&A]
- Robot Framework with Selenium and Python: All You Need to Know | Codementor
- U.S. GAO - Cybersecurity: Clarity of Leadership Urgently Needed to Fully Implement the National Strategy
- Balancing Linux security with usability | Enable Sysadmin
- How to use Ansible to update your Django web app - PythonAnywhere News
- Build Smart on Kubernetes World Tour: Developers’ path to platform freedom – IBM Developer
- Sysadmin tools: Creating network diagrams with diagrams.net | Enable Sysadmin
- How to Keep Things Organized With TreeLine - Make Tech Easier
- Hard links and soft links in Linux explained | Enable Sysadmin
- 5 questions to ask yourself when writing project documentation | Opensource.com
- Renowned communication theorist Harold Lasswell wrote in his 1948 article, The Structure and Function of Communication in Society:
[A] convenient way to describe an act of communication is to answer the following questions:
Who
Says what
In which channel
To whom
With what effect?
- linuxium.com.au: 'BootHole' implications for 'isorespin.sh'
- Discovering Computer Legend Dennis Ritchie’s Lost Dissertation - IEEE Spectrum
- Instant PostgreSQL Cloning with SUSE and Btrfs - Blog dbi services
- Azure Database for PostgreSQL - Blog dbi services
- Naan | The Splendid Table
- Lisa Donovan's Chocolate Chess Pie | The Splendid Table
- Watchman: monitoring dependency conflicts for Python library ecosystem | the morning paper
- DIY Grout Cleaning Machine Does A Good Job | Hackaday
- In Praise Of The DT830, The Phenomenal Instrument You Probably Don’t Recognise For What It Is | Hackaday
- This Tax-Advantaged Account Is Changing in 2021. Here's What You Need to Know
- Windows XP Source Code Allegedly Leaked Online As A Torrent File
- How to migrate High Availability databases on an ODA? - Blog dbi services
- Deploy HA-Proxy for vSphere with Tanzu - CormacHogan.com
- Wheelhouse
- Professional vSphere 7.0 VCP-DCV Exam Preparation | vLore Blog
- How to synchronize the appliance registry metadata on an ODA? - Blog dbi services
- Clint Boessen's Blog: Troubleshooting Account Lockouts in Active Directory
- Chris's Wiki :: blog/python/VenvsAndSysPath
- Windows Server: Zerologon vulnerability (CVE-2020-1472) allows domain hijacking | Born's Tech and Windows World
- Generating and Using SSH Keys, Part 2 - Low End Box
- Top Ten Ways to Save on VPS Hosting (and a Bonus Eleventh Way) - Low End Box
- Dictionary: Firewall Rulette — EtherealMind
- CMMC Process Maturity - DIB SCC CyberAssist
- Response: Paradox: Covid crisis elevates technology professionals’ stature, but limits career growth | ZDNet — EtherealMind
- 4 Times a Roth IRA Is Better Than a 529 for College Savings
- Teach Yourself Programming in Ten Years
- 3 Little-Known Social Security Facts That Could Make or Break Your Retirement
- 1. If you claim benefits early, your checks will be reduced for life
2. You may owe state and federal taxes on your benefits
3. You could be entitled to other types of benefits
Spousal benefits: To be eligible for spousal benefits, you must be married to someone who is entitled to Social Security benefits. The maximum amount you can receive is 50% of the amount your spouse is eligible to receive at his or her FRA, and if you're already collecting more than that based on your own work record, you may not be eligible for spousal benefits.
Divorce benefits: Divorce benefits are similar to spousal benefits, except you cannot currently be married and your previous marriage must have lasted for at least 10 years. Again, the maximum amount you can receive through divorce benefits is 50% of the amount your ex-spouse is eligible to collect at his or her FRA.
Survivors benefits: You may be able to collect Social Security after a loved one passes away. Survivors benefits are primarily available to widow(er)s, but in some cases, children, parents, and other family members who were dependent on the deceased for income may be eligible as well.
- Security Patching Made Simple for Linux HPC Instances in Oracle Cloud | Oracle Linux Blog
- Ransomware attack in German hospital ends deadly for a women – blame Shitrix vulnerability | Born's Tech and Windows World
- Matt Blaze on OTP Radio Stations - Schneier on Security
- Monitoring my home network - Karan Sharma
- Are your internet-of-things devices at risk for cyberattacks?
- Oracle To Stick With Solaris "11.4" For Continuous Delivery SRU Releases - Phoronix
- Python Practice Problems: Get Ready for Your Next Interview – Real Python
- F-Droid Free Applications catalog for Android | LibreByte
- Python: The Minimum You Need to Know | Open-Source Routing and Network Simulation
- Exclusive Interview: The Motley Fool Sits Down With Nano-X Imaging
- Network Configuration Files on Oracle Linux 8 - YouTube
- IT Architect Series: Stories From the Field, Vol. 1 · vNinja.net
- PowerShell Notebooks are Available in Azure Data Studio | SQLvariations: SQL Server, a little PowerShell, maybe some Power BI
- Zero Trust Security Model – Linux Hint
- Java 15 Boasts Memory Management Improvements, Text Block Feature
- 5 ways to harden a new system with Ansible | Enable Sysadmin
- A Few Questions on Cybersecurity and the Cloud - Lawfare
- 4 Must-Have Documents for a Peaceful Retirement
- Matt Blaze: A Cryptologic Mystery
- CISA Named Top-Level Root CVE Numbering Authority (CNA)Security Affairs
- There's no cloud, it's just... - Security Art Work
- Because in the end, as the well-known slogan says, the cloud is nothing more than someone else’s computer, and it is important not to lose sight of that at any time. Therefore, your security depends on who that other person is and how the security of that other computer is approached.
- Keeping Up the Pace of Cloud Transformation - Security Boulevard
- CMMC Level 3 Control – Email Sandboxing (SI.3.220) - Security Boulevard
- Detecting Zerologon (CVE-2020-1472) with Zeek - Security Boulevard
- Financial Sector Cybersecurity: How do you compare to your peers? | Digital Defense, Inc.
- The History of Common Vulnerabilities and Exposures (CVE)
- Security Misconfigurations and Their Consequences for Web Security | Acunetix
- 16% of Orgs Require Developers to Self-Educate on Security | Veracode Blog
- IoT Devices Ship with Security Flaws Because Profit Drive the Market - Security Boulevard
- The main driver of the IoT market is not innovation and the final product suffers
The IoT gold rush brings more and more unsecure devices because standards and regulations don’t really exit
Security for IoT devices can still be achieved, even in these conditions, and the solution is in the ISPs’ hands
- phpbash – A Terminal Emulator Web Shell - Security Boulevard
- Düsseldorf University Hospital Emergency Care Postponed After Alleged Cyber Attack - Security Boulevard
- NIST SP 800-53 Gets One Step Closer to Becoming a Standard - Security Boulevard
- Zerologon – hacking Windows servers with a bunch of zeros – Naked Security
- Healthcare: 1 Vulnhub Walkthrough
- Here's What It Takes to Collect $3,790 Per Month in Social Security Benefits
- Open Source Lightweight Directory Access Protocol Solutions - LinuxLinks
- 6 Windows event log IDs to monitor now
- Windows security event log ID 4688
Windows security event log ID 4670
Windows security event log ID 4672
Windows security event log ID 1125 (Error)
Windows Defender event 1006 and event 1007
- BlindSide: Intel/AMD Speculation Bugs Under Microscope Again - Security Boulevard
- Missing DMARC Records Lead to Phishing
- Value Stream Mapping & Security in Software Development | Radware Blog
- [Webinar Recap] The Need for End-to-End Cryptography Management - Keyfactor
- Katie Arrington discusses making development move at the speed of relevance - Security Boulevard
- Krebs’ Three Rules - Security Boulevard
- Three basic rules of online safety.
1. If you didn’t go looking for it, don’t install it.
2. If you installed it, update it.
3. If you aren’t using it, delete it.
- How to get a better view of Wireshark capture files with Brim - TechRepublic
- Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack — Krebs on Security
- Prosus - Privacy by design Q&A with Monika Tomczak-Gorlikowska and Justin B. Weiss
- Unimap - Scan Only Once By IP Address And Reduce Scan Times With Nmap For Large Amounts Of Data
- CRLFMap - A Tool To Find HTTP Splitting Vulnerabilities
- AES Finder - Utility To Find AES Keys In Running Processes
- ActiveDirectoryEnumeration - Enumerate AD Through LDAP With A Collection Of Helpfull Scripts Being Bundled
- Georgia Tech creates new school focused on cybersecurity and privacy | News | cbs46.com
- HIPAA Compliance: ONC Updates Security Risk Assessment Tool
- Ai & Automation in Healthcare Security ~ Cyber Thoughts
- Healthcare Needs better Access Control ~ Cyber Thoughts
- Deadly Ransomware Story Continues to Unfold
- Ransomware Gone Awry Has Fatal Consequences
- Fines Tied to Failure to Provide Patients With Records
- Hackers Divert VA Payments Intended for Healthcare Providers
- Cloud Migration 101: Strategy, Precautions, Risks, and Security
- Network Cybersecurity 101: Protecting Your Company’s Online Perimeter
- Minn. hospitals hit by data breach
- Forensics and Prevention in the New Reality by Paula J - Q&A Session | CQURE Academy
- How IT Security Organizations are Attacking the Cybersecurity Problem | Tech Library
- Simplify Your Privacy Approach to Overcome CCPA ...
- Senators Demand More Details on VA Breach - HealthcareInfoSecurity
- This PinePhone Multi-Distro Image Lets You Run 13 Distros on the Linux Phone - 9to5Linux
- Linux hardware: The history of memory and storage devices | Enable Sysadmin
- Creating a Home IPv6 Network | James Bottomley's random Pages
- How to check if CentOS / RHEL needs a full reboot - nixCraft
- [ $(needs-restarting -r >/dev/null ) ] || echo "Reboot $HOSTNAME to install kernel or core libs."
- Nginx vs. Apache: When to Use One or the Other - RoseHosting
- Oracle's Java 15 rides into town, waving the 'we're number one' flag, demands 25th birthday party • The Register
- Why Don't The Bidens Get a Larger Social Security Benefit?
- 3 Reasons Not to Max Out Your 401(k) or IRA
- An introduction to Kubespray | Enable Sysadmin
- Are you backing up ransomware with your data? | 2020-09-16 | Food Engineering
- Taming the tar command: Tips for managing backups in Linux | Enable Sysadmin
- Set up a Wekan kanban server on Linux | Opensource.com
- Arduino Blog » Monitor water quality anywhere in the world with WaterAid
- MagicMirror: a versatile home information hub [LWN.net]
- Duplicate Database on ODA X4 - Blog dbi services
- Eight Key Components of a Database Security Risk Assessment | Integrigy
- Steps of the cyber kill chain – Linux Hint
- Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and control
Actions on Objectives
- Woman Loses Her Life During Ransomware Attack On A Hospital
- How Much You Need for Retirement Depends on These 4 Factors
- Average Americans Would Need an Extra $145,650 to Adjust for Social Security Cuts
- In 2035, Social Security's trust fund is scheduled to run dry, necessitating a 24% automatic cut to benefits as payroll tax revenue will be enough to pay only 76% of the promised amount.
If you follow the 4% rule, you'd need an extra $145,650 in your investment account to produce the $5,826 that you'd need to make up for your lost Social Security benefits.
- 3 Signs You're On Track to Retire a Millionaire
- Approximately 233,000 Americans have at least $1 million stashed in their 401(k) accounts, according to a report from Fidelity Investments.
- You'll Be Shocked at How Many Americans Saved Nothing for Retirement in the Past Year
- SUSE Addresses "ZeroLogon" Vulnerability - SUSE Communities
- server schannel = yes in the [global] section
- Introduction to Linux firewalld zones and rules | Enable Sysadmin
- How To View Linux System Statistics With Saidar - OSTechNix
- An Opportunity for Strengthening U.S.-Australian Cyber Cooperation - Lawfare
- Size matters when it comes to cybersecurity
- Docker Implementation of Published Ports
- How to Keep Your Office Safe This Fall and Winter – Workplace Safety
- Debian-installer, mdadm configuration and the Bad Blocks Controversy – The ongoing struggle
- NVMe | panticz.de
- Intuition About Signals And Systems | Hackaday
- Turning The Raspberry Pi Into A MCU Programmer | Hackaday
- Best Free and Open Source Linux Configuration Management Software - LinuxLinks
- tmpmail - A temporary email right from Linux / Unix terminal - nixCraft
- Improve your time management with Jupyter | Opensource.com
- 3D Printed Magnatic Stirrer : 9 Steps (with Pictures) - Instructables
- Putting The Firmware In Your Firmware | Hackaday
- Linux Fu: Moving /usr | Hackaday
- Building An Open Source ThinkPad Battery | Hackaday
- The B-Sides: Curious Uses Of Off-the-Shelf Parts | Hackaday
- TinySA Is A $49 Spectrum Analyzer | Hackaday
- Python Regular Expressions with Examples - LinuxConfig.org
- Name Your Business | Disruptive Naming Agency | Squadhelp
- Size Does Matter When It Comes To SD Cards | Hackaday
- 40% Keyboard Build Is 100% Open Source | Hackaday
- How to Secure Your PostgreSQL Database - 10 Tips | Severalnines
- Increase your PostgreSQL databases security by checking a few settings Part 2 - Blog dbi services
- Installing Windows Packages with winget | The Frog Pond of Technology
- Importance TERRAFORM commands that we should know - LinuxTechLab
- What is a Good Cybersecurity Program? It Varies for Everyone - Security Boulevard
- Ransomware to blame for nearly half the cyber-insurance claims filed in early 2020
- (Insurance companies frequently refuse to pay cybersecurity-related claims, depending on the policy and exact circumstances, unless compelled by a court.)
- A Look at Royal Bank of Canada's Homegrown GPU Farm
- Where's the Yelp for open-source tools?
- Moog's new coffee table book is filled with tips for synth nerds | Engadget
- Spinning Rust Gets an Upgrade – EEJournal
- "Microsoft Wants To Create A Complete Virtualization Stack With Linux" - Phoronix
- TOR Anonymity: Things Not To Do While Using TOR
- 1. Don’t use your mobile phone for 2-Step verification on Tor
2. Don’t operate user accounts outside TOR
3. Don’t post your personal information
4. Don’t send unencrypted data over TOR
5. Don’t use TOR with Windows?
6. Don’t forget to delete cookies and local website data
7. Don’t use TOR for Google Search
8. Don’t use HTTP website on TOR
9. Don’t connect to the same server with and without TOR simultaneously
- Octavia: proxy protocol | panticz.de
- How to Teach My Teenager Frugality – BeingFrugal.net
- NYU CCS project – NYU Center for Cyber Security
- Windows code-signing attacks explained (and how to defend against them) | CSO Online
- Introduction to Researching Foreign Influence in the US – We are OSINTCurio.us
- EU plans to introduce sweeping 'right to repair' legislation for electronics | Engadget
- ACSC Releases Annual Cyber Threat Report for 2019–2020 | CISA
- BSidesGVL 2020 - Jeff Hoskins - "CISSP for Cheap!" - YouTube
- Understanding Cross-Origin Resource Sharing Vulnerabilities - Blog | Tenable®
- How to Maximize Compliance Scans with Nessus - Blog | Tenable®
- Top 10 Configuration Management Tools You Need to Know About
- The Heartbleed Bug – Old Bugs Die Hard | Acunetix
- Cleaning up the Active Directory Forest - Security Boulevard
- Vulnerability 1: ‘Password’ Is Not a Password
Vulnerability 2: Reassess Your User Governance Policies
Vulnerability 3: Removing Built-In Privileges
Vulnerability 4: Update Your Operating Systems
- Dashboards: An Effective Cybersecurity Tool to Visualize Your Key Data
- The Inside-Out Application Security Opportunity with RASP - Signal Sciences
- What is the Certificate Chain of Trust? - Security Boulevard
- Run as SYSTEM using Evil-WinRM :: malicious.link — welcome
- DockerENT - The Only Open-Source Tool To Analyze Vulnerabilities And Configuration Issues With Running Docker Container(S) And Docker Networks
- DockerENT
- Travel Industry Giants Failed to Secure their Websites Despite High-Profile Data Breaches, New Research Shows - Security Boulevard
- 'The C-Suite Report' Simplified: 4 Key Takeaways - Security Boulevard
- Takeaway 1: Cybersecurity Is a Priority
Takeaway 2: Confidence Is High
Takeaway 3: Priorities Depend on Geography
Takeaway 4: Future Efforts
- Hitting the books: How China uses AI to influence its 1.4 billion citizens | Engadget
- Security Engineering - A Guide to Building Dependable Distributed Systems
- How to use Jupyter Notebook for practicing python programs - https://www.pythoncircle.com
- The Best Hardware From The 1980s | Avast - Security Boulevard
- Responding to Cloud Misconfigurations with Security Automation and Common-Sense Tips - Siemplify
- 1. Know your cloud environments and define a security foundation. AWS, for example, provides downloadable readiness assessment and security architecture frameworks.
Review access controls to ensure only authorized users can take action on specified cloud resources. This includes ensuring IAM policies are properly implemented, for example bucket policies on storage accounts inside of Amazon S3.
2. Enforce the principle of least privilege by only giving your users the permissions they need to do their jobs. Consider setting up multifactor authentication and single sign-on for extra layers of security.
3. Implement logging, which can identify changes to your cloud environments and help determine the extent of an incident.
Enable AWS blocking of public access for S3 buckets. Separate objects into different buckets based on access controls (e.g. public versus private).
4. Take advantage of free tools to diagram and analyze your cloud environments and perform best practice assessments and audits. These include CloudMapper, Prowler and Scout Suite, and many more exist.
5. Much of this work can be automated, and AWS offers a service known as Macie designed to discover misconfigurations on S3 accounts, as well as data that shouldn’t be in them.
- Diving Deeper: 4 Best Practices for Securing Enterprise Data in Office 365 (O365) - CipherCloud
- 1. Controlling Unmanaged devices: Enabling users to access O365 from any device while ensuring that the right controls are in place. CASB+ offers adaptive controls that enable practitioners to disable the storage of sensitive data like PCI/HIPAA and configure policies based on business requirements.
2. Securing email and Teams collaboration: Protecting specific data sets across O365 Email and Teams collaboration models. CASB+ detects when users attempt to share sensitive information (SSNs, card data, PHI data, etc.) on email, Teams chats or channels with an unauthorized or external user; policies can be tailored to mask or delete that information.
3. Privileged user monitoring: Protecting against improper data handling. CASB+ detects anomalous user behavior such as logging from an unusual location and downloading an unusual amount of data. Administrators can move quickly to remove access and even wipe involved data.
4. Data classification: Securing sensitive files with multi-level policy enforcement. Using CASB+, O365 and Teams collaboration can be secured by controlling how/where/when sensitive data is shared, specifically through the use of integrated DLP and centralized policies.
- Cybersecurity Best Practices to Keep Your Online Business Safe
- Meeting Customer Security Needs along Their Security Maturity Journey
- . All organizations, regardless of size, struggle in the same four areas. The impact just depends on the type of the organization.
1. It’s hard to hire and keep highly skilled information security personnel.
2. Advanced attacks are getting harder to detect due to changes in tactics techniques and procedures (TTPs).
3. The impact in mean time to respond (MTTR) is increasing as a direct result of a lack of time to investigate every alert. There are just too many.
4. InfoSec professionals are overloaded, with too many tools and not enough automation to help manage all the alerts.
- Back in 2015, while working on a Gartner SOC paper, I coined the concept of “SOC nuclear triad”… - Security Boulevard
- The model was originally built to demonstrate the necessary security visibility via three pillars:
Logs (such as via SIEM)
Network data (such as via NTA/NDR)
Endpoint data (such as via EDR)
- Cybersecurity Maturity Model Certification and Why You Should Care
- This new CMMC requirement will affect over 300,000 different companies from large system integrators to simple mom-and-pop shops that might provide cleaning services.
- Strategies for Insider Threat Mitigation
- More than 230 Million US Health Records Have Been Stolen or Lost in Past Decade - Security Boulevard
- New CISO? Top 5 Things You Need to Know - Security Boulevard
- 1. Conduct a baseline security posture assessment
2. Assess team skills and identify gaps
3. Build key relationships, especially with IT
4. Communicate your vision across the enterprise
5. Deliver key wins and spread the word
- RoboCallers Hit with Permanent Injunction by Courts - Security Boulevard
- Survey: SMBs Increasingly Have to ‘Do More with Less’ When it Comes To Cybersecurity - Security Boulevard
- Protect Your Organization from the Ransomware Trifecta - Security Boulevard
- RDP compromise (~60%)
Email phishing (~24%)
Software vulnerabilities, especially in VPNs (~15%)
- PCI DSS 4.0 and the Changing Approach to Compliance - Security Boulevard
- Veracode Blog| Why Application Security is Important to Vulnerability Management
- Fairfax County Public Schools hit by Maze ransomwareSecurity Affairs
- Bank of Seychelles hit by a ransomware attack ......Security Affairs
- Decrypting TLS connections with new Raccoon AttackSecurity Affairs
- Cliché: Security through obscurity (yet again) - Security Boulevard
- USG notes, GV LAN configuration | Nelson's log
- Chris's Wiki :: blog/linux/DNFLogsWhatWhere
- SeaChange video delivery provider discloses REVIL ransomware attackSecurity Affairs
- Netwalker ransomware hit K-Electric, a major Pakistani electricity providerSecurity Affairs
- Spill is hijacking my formulas - how to disable it? - Microsoft Community
- This is an issue as I'm trying to use different formulas as I'm progressing down the column but Spill is not letting me. If I try to delete the auto filled formula, there is actually nothing to delete, it's a phantom formula, formula bar syntax is greyed out and the formula keeps showing up.
If I try to delete a formula above I get an error #spill or something.
- Postal Service Used Apps That Had ‘Catastrophic’ Vulnerabilities for Years
- Serious Security: Hacking Windows passwords via your wallpaper – Naked Security
- Ranking National Cyber Power - Schneier on Security
- The rankings: 1. US, 2. China, 3. UK, 4. Russia, 5. Netherlands, 6. France, 7. Germany, 8. Canada, 9. Japan, 10. Australia, 11. Israel. More countries are in the document.
- An overview of targeted attacks and APTs on Linux | Securelist
- Colocation data centers giant Equinix data hit by Netwalker RansomwareSecurity Affairs
- InfoSec Handlers Diary Blog
- Get-Clipboard -Format text
- Sysadmin careers: My road to a career in Linux system administration | Enable Sysadmin
- KMail account trouble | Ctrl blog
- Network routers are just computers | Ctrl blog
- A recent study of 127 new home routers had some very worrying findings. One-third ship with Linux kernel version 2.6.36 was released in October 2010. You can walk into a store today and buy a brand new router powered by software that’s almost 10 years out of date! This outdated version of the Linux kernel has 233 known security vulnerabilities registered in the Common Vulnerability and Exposures (CVE) database.
- Forensic Investigation: Preserve TimeStamp
- Generating and Using SSH Keys, Part 1 - Low End Box
- Unifi Network Controller on Ubuntu 20 | Nelson's log
- Cyber-Risks Explode With Move to Telehealth Services
- Two Years on from GDPR: Has It Driven Growth in ...
- Docker for Pentester: Image Vulnerability Assessment
- 5 Lessons to Learn in Vulnerability Risk Assessment
- Errata Security: Cliché: Security through obscurity (yet again)
- Ευάγγελος Μπαλάσκας - VMs on KVM with Terraform » Evaggelos Balaskas - System Engineer
- The benefits of making code worse | Benji's Blog -
- A new security flaw is revealed with 'BlindSide' on Linux affecting Intel and AMD | GamingOnLinux
- Debian Janitor: All Packages Processed with Lintian-Brush
- How to Create and Run Cron Jobs on Linux - RoseHosting
- How To Install Netdata Monitoring on Ubuntu 20.04 LTS - idroot
- Computer Science Should Be Taught Using Free/Libre Software for Long-Term Benefits | Techrights
- Setting the root password in preseed.cfg for unattended installation | Sebest's Nuage ☁️
- 8 Steps to Becoming an Effective Leader – Running Your Business
- 1. Develop Conversation Intelligence
2. Think Ahead
3. Be Optimistic and Inspirational
4. Remember That Effective Leaders Are Humble
5. Show Your Passionate Side
6. Learn from Your Failures
7. Delegate for the Greater Good
8. Effective Leaders Know to Keep Growing
Effective Leaders Are Made, Not Born
- Sysadmin survival guide | HPE
- Learning is key - Keeping your skills up to date is the single most important thing you can do to stay relevant.
Avoid getting stuck - managing an application that's practically on life support. Try not to get dropped into a role that you can’t easily hand off when better opportunities come along. Instead, focus on tasks that will help you develop new skills.
Welcome problems - some of my most significant learning opportunities have come about when I ran into a problem that at first seemed like a brick wall.
Develop good troubleshooting skills
Develop a process:
What errors or unusual behaviors am I seeing?
What evidence am I seeing in the log files?
What just changed that might have brought about the problem?
How is the system different from similar systems that don’t show the problem?
How can the problem be divided into parts? For example, might disk space, memory contention, configuration changes, or network problems be playing a role?
What troubleshooting tools do I have on hand to help? Do I know how to examine processes, disk usage, log files, open files, network connections, etc.?
Might the problem I’m investigating be a side effect of a larger problem?
Be proactive - Don’t wait to be told what to do. When you can, take the lead. Notice what’s working and what’s not working. Suggest improvements.
Think security, security, security - Make system security part of everything you do.
Explore your company’s reach - Make a point of understanding your company’s reach—its products and customers.
Know your customers - Know who your customers are whether they are internal or external. To the extent possible, tune in to their problems.
Be adaptable -
Reach beyond your job - Don’t let your boss, your current position, or your company be your sole locus of professional activity. Develop relationships with other professionals in your field—through conferences, online forums, community groups, etc.
Pursue your interests
- Arm Linux version of J-Link debugger lets the Raspberry Pi play host
- Starting with PostgreSQL - Blog dbi services
- Linux servers and workstations are hackers' next target, security researchers warn - TechRepublic
- 11 types of hackers and how they will harm you | CSO Online
- 1. The bank robber
2. The nation-state
3. The corporate spy
4. The professional hacking group for hire
5. The rogue gamer
6. Cryptojackers: The resource vampires
7. The hacktivists
8. The botnet masters
9. The adware spammer
10. The thrill hacker
11. The accidental hacker
- Cut in TLS certificate life could lead to greater risk of outages
- Certificates that were issued before the enforcement date won't be affected, neither will those that have been issued from user-added or administrator-added Root certificate authorities (CAs). To avoid any unintended consequences Apple is recommending that new certificates be issued with a maximum validity of 397 days.
- Considerations for Host-based Firewalls (Part 1) « ipSpace.net blog
- NetworkingInPubClouds/security at master · nadeemnet/NetworkingInPubClouds · GitHub
- The What, Why & How of SSH Protocol | Keyfactor
- Gunnar Wolf• RPi 4 + 8GB, Finally, USB-functional!
- A beginner's guide to firewalld in Linux | Enable Sysadmin
- How to Check Java Version | Linuxize
- Starting Container-Based Services
- Legality of Security Research to be Decided in US ...
- Secureworks to Buy Delve Laboratories for ...
- Human Rights and TPMs: Lessons from 22 Years of the U.S. DMCA | Electronic Frontier Foundation
- 5 Patch Management Best Practices to Safeguard Your Business in 2020
- #1. Asset inventory
#2. Patch management schedules
One of the key aspects when it comes to patching is setting up a clear schedule. Patches should not be applied randomly, whenever you remember or when you find out a vulnerability is being actively exploited in the wild.
#3. Timely patch deployment
#4. Testing
#5. Automation
#6. Reporting
- Cybersecurity Leadership: The New Threat Landscape
- Vulnerability Assessment With Nessus Home - Part 1 | Alpine Security
- USB Forensics: Detection & Investigation
- Sysadmin toolbox: How to use the sort command to process text in Linux | Enable Sysadmin
- Cyber security is next frontier for open source
- We must improve security visibility, we must respond faster to the growing threat landscape, we must embed security into and keep up with the pace of business transformation.”
For enterprises, open security means they will no longer be forced to rely on a single supplier, or just their own developers and security experts, Youngblood said. “You have an entire community lined up in support of a particular standard and to deliver open source codes and technologies,” he added.
- How to Start a Dropshipping Business in 5 Simple Steps – Business Ideas
- New Vulnerability, BLURtooth, Attacks Bluetooth Devices - Make Tech Easier
- Best SQL Server Monitoring Tools in 2020
- How to prepare for a natural disaster
- A bandana and/or an N95 mask or respirator.
A change of clothing.
A flashlight or headlamp with spare batteries.
Extra car keys and some cash.
A map marked with evacuation routes and a designated meeting point.
Prescription medications.
A basic first aid kit.
Photocopies of important documents.
Digital backup of important files.
Pet supplies.
Water bottle and snacks.
Spare chargers for your electronic equipment.
- Seven Lucky Gods of Japan
- Inova Suffers Third-Party Data Breach
- CMMC bakes security into DoD’s supply chain, has value for all businesses | CSO Online
- “These solutions include compliance documentation that really helps customers that are in the cloud understand and be able to demonstrate how they're meeting CMMC compliance. [The solutions also include] an automated environment that [has] been purpose-built to support the needs and the expectations of CMMC. So, the AWS cloud helps customers to quickly develop tests and deploy their CMMC environment.”
“If you put a problem out there, industry will solve it if you give them the opportunity,” Arrington said of the efforts by AWS and other CSPs. “What you're seeing today is exactly that. I applaud the efforts of all the CSPs and product providers that have been out there.”
“They’re talking about amending Sarbanes-Oxley [a key law protecting investors from fraud] to include cybersecurity. So, think about it. They’re not kidding around. People say, ‘Oh it’s such a high burden to get there,’” she said. “Your adversary knows you and they’re looking for the absolute weakest link in any supply chain.”
- 4 top vulnerabilities ransomware attackers exploited in 2020 | CSO Online
- CVE-2019-19781: Citrix Application Delivery Controller
CVE-2019-11510 Pulse Connect Secure
CVE 2012-0158: Microsoft Office Common Controls
CVE-2018-8453: Windows Win32k components
- Google Cloud Associate Cloud Engineer Mind Map - Wahl Network
- ORA-1555 won't get reported into alert.log anymore since 19.4.0
- ORA-1555
- An important update addresses a Spoofing Vulnerability in AD FS - The things that are better left unspoken
- Step by Step Guide to Setup LDAPS on Windows Server - Microsoft Tech Community - 385362
- Lessons from load balancers and multicast
- A critical lesson I learned is that running out of capacity is the worst thing you can do in networking
You can prevent a lot of problems if you can deep dive into an architecture and understand it’s tradeoffs and limitations
Magic infrastructure is often extremely hard to troubleshoot and debug
- 61 percent of companies experience insider attacks
- How To Manage NTFS Permissions With PowerShell
- How to configure Azure Automatic VM guest OS patching - Thomas Maurer
- Five philosophies of career success - 80,000 Hours
- 10 common cloud security mistakes that put your data at risk | CSO Online
- 1. Unsecured storage containers
2. Lack of applications protection
3. Trusting SMS MFA to secure an account – or having no MFA at all
4. Not knowing your access rights
5. Leaving ports open
6. Not watching for remote access
7. Not managing your secrets
8. The curse of GitHub – trusting the supply chain
9. No meaningful logs
10. Not patching servers
- What is Microsoft Lists? - TDSheridan Lab
- Teams Wiki vs. OneNote - SharePoint Maven
- Windows XP won’t die in 2020 | Born's Tech and Windows World
- Writing a custom Ansible module ⁕ Vincent Bernat
- Auditing Your Database - Is It Enough For Your Data Security Needs? | Imperva
- Where Do We Need Smart NICs? « ipSpace.net blog
- Raccoon attack allows hackers to break TLS encryption 'under certain conditions' | ZDNet
- How I learned Python | Codementor
- How this open source test framework evolves with .NET | Opensource.com
- #tsql2sday #130 – Automate your stress away – Getting more SSIS Agent Job information | SQL DBA with A Beard
- How to Block USB Drives in Windows using Group Policy? | Windows OS Hub
- The Devil Is in the Data - Lawfare
- Packer by HashiCorp : First Steps | The ORACLE-BASE Blog
- My Thoughts on LinkedIn in 2020 — EtherealMind
- Why Routers and Switches Don’t Matter Now — EtherealMind
- Level Up Your Career with Kubernetes - Mohammad Darab
- How to Connect to WiFi from the Terminal in Ubuntu Linux
- How to implement a simple personal/private Linux container image registry for internal use | Enable Sysadmin
- Notes on good judgement and how to develop it - 80,000 Hours
- Hacking Ethernet out of Fibre Channel cards
- IPoverFC
- Supplier Management. Between Deming's principles and those of the European Union - Security Art Work
- “end the practice of doing business based on price; instead, minimize total cost through a few suppliers based on long-term relationships built on loyalty and trust.”
- How to create a modern presentation in Open Office Impress
- From Concept To Live In Two Weeks With Django · Matt Layman
- Hackers use legit tool to take over Docker, Kubernetes platforms
- Post-COVID-19 Cybersecurity Spending Update
- Security Spending Will Still Grow - grow by 2.4% compared with last year.
Some Organizations Plan Big Security Investment - 58% of organizations reported increased spending, with almost one in four organizations experiencing an increase of 25% or more in security spending.
MFA Led Spending During COVID-19 Scramble
Cloud Security Leads - growth gains of over 33%, which far outstrips the runner-up categories of data security (up 7.2%) and application security (up 6.2%).
Staffing Increases - In spite of slightly upward spending trajectories for the security industry as a whole, half of organizations have had to furlough one to two SOC employees, and 68% have had to lay off one to three staff members. Meantime, 57% of organizations said they've deferred any further security hiring.
cybersecurity spend.
.48% of revenue
10.9% of overall IT spend
2,691 per FTE
- France national cyber-security agency warns of Emotet attacksSecurity Affairs
- How to Compete in Cyberspace: An Accompaniment - Lawfare
- Preserving data integrity | Insanity Industries
- Amiga Fast File System Return to the Linux Kernel – CubicleNate's Techpad
- Engineer Quits Facebook, Says Company 'Profiting Off Hate'
- Linux troubleshooting: Setting up a TCP listener with ncat | Enable Sysadmin
- Keycloak with Okta IDP Initiated SSO Login | Lisenet.com :: Linux | Security | Networking
- Red Hat on Red Hat: How collaboration can transform configuration management in IT
- After assessing each of these business challenges, we set to work on establishing key objectives for our success as we transitioned to Ansible, based on the things we thought our best-in-class Configuration Management should be and do:
1. Drive consistency, reusability, and a predictable system state through loose coupling and standard patterns.
2. Be modern, supportable, usable, focused on security and projected future needs (e.g. using OpenStack in our new datacenter) including modern application. workloads ( IaaS, PaaS, and eventually Serverless), and on-demand environments.
3. Align with open hybrid cloud program requirements, including scalability and resiliency requirements.
4. Be environment and instance agnostic; these should not enforce application environment strategies.
5. Support shared data and secrets between deployment models (IaaS, PaaS, etc.).
6. Facilitate offline application and CM development.
7. Make use of existing sources of truth rather than hard-coding or duplicating (e.g. IdM, AWS tags).
8. Encourage the creation of testable code.
- Should I run my desktop 24/7? | Enable Sysadmin
- Netbooting the live server installer - Server - Ubuntu Community Hub
- NVMe over TCP | Oracle Linux Blog
- HardInfo - Check Hardware Information in Linux
- Yubico's latest security key uses NFC or USB-C for authentication | Engadget
- Mathematicians Made a Basic Discovery in Shapes After 2,000 Years
- In their paper, the trio present a theoretical proof for why such a trip is possible on dodecahedra but not other Platonic solids. Aulicino explained that there are certain symmetries that the dodecahedron lacks and that the other solids possess, and these symmetries are what prevent you from getting back to where you started without passing another corner on these solids.
- PurpleCloud - An Infrastructure As Code (IaC) Deployment Of A Small Active Directory Pentest Lab In The Cloud
- The Curious Case of the Baltimore Ransomware Attack: What You Need to Know
- Stung by Ransomware, Australia Urges Better Preparation
- Newcastle University says it will take “several weeks” to recover from cyber attack • Graham Cluley
- RedCommander: Open source tool for red teaming exercises - Help Net Security
- 10 value-adds that CISOs can deliver | CSO Online
- Bring better order to organizational data
Identify policy and procedural lapses
Spot superfluous spending
Lend skills to IP protection
Make security a selling point
Build bridges
Help out partners
Find, promote opportunities for standardization
Shape strategic plans
Streamline regulatory controls
- SELinux for beginners - Blog dbi services
- Couple of Quick Ansible Tips – Unadulterated Nerdery
- Sapiens: Are We Happier And Better Off Than Our Ancient Ancestors? — My Money Blog
- Centos 8 (Proxmox) + Active Directory authorization – SvennD
- The change in SCP trial reveals its biggest problem | It's full of stars!
- As with the Neo trial, the CF trial comes with some limitations.
The most important limitation is the time limit. “Cloud Foundry trial accounts expire after 30 days. You can extend the trial period to a maximum of 90 days, after which your account is automatically deleted.”
After the maximum of 90 days, you can create a new trial account and in theory, have unlimited access to CF trial. But SAP does not make it too easy: “Note that the new account starts from scratch and you cannot carry over any development projects from your previous trial account to the new one”. After 90 days all your configurations are gone, and you start from zero. Depending on what you configured in the CF trial, this will take some time. Precious time during which the next 90 days are already running.
- Nebulon – It’s Server Storage Jim, But Not As We Know It | PenguinPunk.net
- Nebulon defines its offering as “cloud-defined storage (CDS)”. It’s basically an add-in card that delivers “on-premises, server-based enterprise-class storage that consumes no server CPU / memory resources and is defined and managed through the cloud”. This is achieved via a combination of nebulon ON (the cloud management plane) and the Nebulon Services Processing Unit (SPU).
- Increase your PostgreSQL databases security by checking a few settings - Blog dbi services
- China Bans Kids’ Programming Language ‘Scratch’ Due To Anti-China Content
- Raspberry Pi cluster with k3s & Salt (Part 1)
- CarPiHat Connects Raspberry Pi to your Car with Opto GPIO, CAN Bus, 12V Outputs
- How to Install Sensu Monitoring on Ubuntu 20.04
- Reasons to hire inexperienced engineers | Benji's Blog -
- Fresh Perspectives
Incentive for Simplicity and Safety
Growth opportunity for others
Level up fast
Tenure
Action over Analysis
Hire Faster
- Use libguestfs to manage virtual machine disk images | Enable Sysadmin
- Motorola's budget G9 phone has a 64-megapixel camera and 5,000 mAh battery | Engadget
- Moto G9 Plus
- How would I evacuate in an emergency? – Scott Gruby's Blog
- Using Google Firebase as free HTTP & HTTPS redirect service
- Ergonomics Assessment for Employees - VinciWorks Blog
- Ex-Cisco Engineer Pleads Guilty to Insider Threat Case Dealing $1.4 Million in Damages | SENSEI ENTERPRISES, INC.
- UCLA Visiting Researcher Arrested and Charged with Evidence Destruction | SENSEI ENTERPRISES, INC.
- The Ins and Outs of Penetration Testing for Web Apps | Codementor
- Understanding the CSRF Vulnerability (A Beginner’s Guide)
- blog.ipfire.org - Thoughts on operations security for the masses
- Disclosure 2020: Opening Keynote with the Grugq - Strategic Cyber Warfare - YouTube
- The Inside Story of the 25-Year, $8 Million Heist From the Carnegie Library | Arts & Culture | Smithsonian Magazine
- Sysdig Integrates VulnDB to Strengthen Vulnerability Intelligence Reporting – RBS
- Autovpn - Create On Demand Disposable OpenVPN Endpoints On AWS
- Netwalker Ransomware hit Argentina's official immigration agencySecurity Affairs
- Learning From the Best: James Collins, CIO in Delaware - Security Boulevard
- SunCrypt Ransomware behind North Carolina school district data breachSecurity Affairs
- Data Breach at Roper St. Francis Hospital Affects 6,000 Patients – HOTforSecurity
- Such medical records are usually worth up to 50 times more than credit card information, and it has been known to reach $1,000 on the black market. The only immediate mitigation includes improving email and endpoint security and training employees to recognize intrusions and phishing campaigns.
- Top Cybersecurity Challenges Facing Government Agencies | Radware Blog
- Why Patch Management Is Important and How to Get It Right
- Lessons Learned from SSH Credential Honeypots · System Overlord
- Build a remote management console using Python and Jupyter Notebooks | Opensource.com
- Migrate your Java Apps to containers with Migration Toolkit for Applications 5.0 - Red Hat Developer
- How to optimize Windows event logging to better investigate attacks | CSO Online
- Free — IMF Security
- 5 Ways for Cybersecurity Teams to Work Smarter, Not ...
- Understand the Business
Acknowledge Complexity
Reassess Business Models
Commit to Automation
Know the Adversary
- Morris County Resident Sentenced to 94 Months in Prison for Computer Intrusions that Targeted Two New Jersey Companies | USAO-NJ | Department of Justice
- New Jersey Man Sentenced to 7+ Years for Cyber ...
- The Hidden Costs of Losing Security Talent
- According to Simone Petrella, founder and CEO of online training firm CyberVista, an experienced security analyst commands an average annual salary of about $100,000. And when that analyst leaves a company, it typically takes eight months to replace that person and almost four months to train a replacement.
- 5 Tips for Triaging Risk from Exposed Credentials
- Validate Whether the Credentials Belong to Current Employees
Suppress New Alerts for the Same Credentials
Weed Out Duplicate Credential Data
Make Sure the Credentials Are Genuine
Implement Continuous Monitoring for Stolen/Leaked Credentials
- DHS Partners with Industry to Offer State, Local ...
- ISO 27701 Paves the Way for a Strategic Approach to ...
- What is a Linux Distribution? Why is it Called 'Distribution'?
- Want to make better decisions? Encourage disagreement | Opensource.com
- How to Install Remote Desktop on Ubuntu 20.04 with XRDP - Low End Box
- Quietech Associates, Inc. - Home
- 30 python scripts examples – Linux Hint
- The 5 Best Free and Open-Source PDF Editors | FOSS Linux
- Desktop SSD usage statistic | blog.erben.sk
- Service Terms | Greyhawk's Meanderings
- Sysadmin tales: My worst mistake as a sysadmin | Enable Sysadmin
- PCLinuxOS Magazine - Page 5
- The NSA and FBI have advised that Linux users should do three things to protect themselves from this malware. First, they should update to Linux Kernel 3.7 or later, "in order to take full advantage of kernel signing enforcement." Second, they should activate UEFI Secure Boot. Third, Linux users should "configure systems to load only modules with a valid digital signature, making it more difficult for an actor to introduce a malicious kernel module into the system."
- Managing a non-profit organization's supply chain with Groovy | Opensource.com
- 8 Time Consuming IT Tasks You Need to Automate Now - GeeksforGeeks
- A look at password security, Part IV: WebAuthn - The Mozilla Blog
- A look at password security, Part III: More secure login protocols - The Mozilla Blog
- A look at password security, Part V: Disk Encryption - The Mozilla Blog
- Threat Hunting: Velociraptor for Endpoint Monitoring
- Incident Response: Windows Account Logon and logon Events
- US Agencies Must Create Vulnerability Disclosure Policies
- List of data breaches and cyber attacks in August 2020 – 36.6 million records breached - IT Governance UK Blog
- Faraday v3.12 - Collaborative Penetration Test and Vulnerability Management Platform
- SpaceSiren - A Honey Token Manager And Alert System For AWS
- DVS - D(COM) V(ulnerability) S(canner) AKA Devious Swiss Army Knife
- How Government AI Stole Hundreds of Millions of Dollars From Citizens
- Building OSKit | Fun with virtualization
- Microsoft: Flash Player will be removable in autumn, support will end in 2021 | Born's Tech and Windows World
- Leveraging the Power of the Robocopy /MIR Switch
- Self Service your IT with PowerShell and au2mator
- au2mator
- How to use Apache to redirect all traffic from http to https - LinuxConfig.org
- Favorite Learning Resources & Tools - Google Sheets
- NBlog - the NoticeBored/SecAware blog: NBlog Sept 4 - standardising ISMS data interfaces
- NBlog - the NoticeBored/SecAware blog: NBlog Sept 3 - ISO27001 rocket fuel
- "that managing information risks properly is more than just a compliance imperative. It's good for business."
- How to Use Linux Smart Enumeration to Discover Paths to Privesc « Null Byte :: WonderHowTo
- PAM Security Essentials – Identity Management & Asset Protection
- ‘Smart Helmets’ get their U.S. test flight at Flint’s Bishop Airport scanning temps, recognizing faces - mlive.com
- Health care interoperability: Preparing to meet new privacy and security obligations
- PEPR '20 | USENIX
- Schools Are Moving to Remote Lessons: Cybersecurity Essentials for Schools
- Windows 8.1 slow after flash update KB4561600 | Born's Tech and Windows World
- Equifax Breach: CISO Describes Lessons Learned
- Regulator Offers Asset Management, Mobile App Advice
- A Tale of Two Hacker Incidents - HealthcareInfoSecurity
- Cybersecurity Leaders: Planning (and Budgeting) for 2021
- https://www.cdse.edu/documents/cdse/insider-risk-jobaid.pdf
- Certified Kubernetes Administrator Exam Review - Virtual Elephant
- iOS Forensics: HFS+ file system, partitions and relevant evidences | Andrea Fortuna
- PowerZure, exploit framework targeting Azure, has been updated | Andrea Fortuna
- Cheat-Sheets — Malware Archaeology
- Logging — Malware Archaeology
- https://www.whitehouse.gov/wp-content/uploads/2020/09/2020SPD5.mem_.pdf
- Goodbye, Drobo | Data Protection: Avamar, NetWorker, Data Domain, RecoverPoint, PowerProtect, CSM
- SourceWolf - Amazingly Fast Response Crawler To Find Juicy Stuff In The Source Code!
- Automate Let's Encrypt SSL Installation with Ansible for Multiple Domains - LinuxBuz
- Why upstream Ansible stopped shipping rpms – The Ramblings
- Securedrop Worktstation and how can you help
- https://assets.pubpub.org/6konmefn/21597242874854.pdf
- Erman Arslan's Oracle Blog: OBIEE - SSO -- Integrating with a third party login with AD authentication / passing user and pass in URL
- will
- Canonical Releases Important Ubuntu Kernel Updates to Patch 17 Vulnerabilities - 9to5Linux
- SSH password automation in Linux with sshpass | Enable Sysadmin
- Announcing the Unbreakable Enterprise Kernel Release 5 Update 4 for Oracle Linux | Oracle Linux Blog
- Rick Elrod - How Ansible/ansible-base releases work
- Teen arrested for alleged cyberattacks on Miami-Dade schools | TheHill
- LibreOffice Information: The best LibreOffice extensions. Barcode
- Postfix vs. Sendmail – Linux Hint
- Hotspot Version 1.3.0 Released - KDAB on Qt KDAB
- PXE server in Fedora with dnsmasq – Apuntes de root
- Wireshark Network Forensic Analysis Tutorial – Linux Hint
- Command Line 101 – Tookmund – A place for my random thoughts about software
- Design a book cover with an open source alternative to InDesign | Opensource.com
- When, Why, and How To Use Web Scraping In A Nutshell - The Python Podcast
- NSL Lectures
- Buffett's Berkshire Hathaway buys stakes in 5 Japanese trading houses - Japan Today
- DIY Propane Fire Pit for Under $300 – Garrett Patterson
- Adding call-outs to images - NevBlog
- Building the Grand Strategy for Cybersecurity | SIGNAL Magazine
- How Do We Identify Leadership If We Taint the Definition With Politics and Ideology? Here Are 10 Enduring Principles of Great Leaders
- Windows 10 Guide: How to Fix Audio Issues in Windows 10 PCs
- With cloud's security benefits comes systemic risks, report finds | CSO Online
- 8 things your security team needs to know about WPA3 | CSO Online
- 1. WPA3 certification is now required for all Wi-Fi devices
2. WPA2 devices will interoperate with WPA3
3. WPA3 has a mode for individual users
4. WPA3 has a mode for organizations
5. WPA3-certified devices will have the latest security protocols
6. Rules against password reuse particularly important with WPA3 devices
7. WPA fixes shortcomings in WEP
8. WPA3 development is ongoing
- Mihari - A Helper To Run OSINT Queries & Manage Results Continuously
- Why the World May Never Truly Be Rid of Dongles
- Does Your State Have an Estate or Inheritance Tax?
- What Does the EU Cybersecurity Act Mean for US-based Businesses?
- How to Improve PCI Compliance and Reduce Technical Debt - Security Boulevard
- Setup Detachable and Reattachable Terminal Sessions With tmux on your VPS - Low End Box
- Why log management is essential to successful implementation of DevSecOps [Q&A]
- Let Employees Design the New Workspace After Relocation – Productivity
- Creating Oracle Connections…from outside of SQL Developer – ThatJeffSmith
- CMMC Awesomeness
- Replace vSphere 7 with Tanzu Certificates - The IT Hollow
- DEF CON Safe Mode Red Team Village - Chris Cottrell - Guerrilla Red Team Decentralizing Adversary - YouTube
- 'Wet Ass Postage:' Sexualizing the Post Office to Save the USPS
- Video : Simple Oracle Document Access (SODA) for PL/SQL | The ORACLE-BASE Blog
- Do's and Don'ts Of Conducting a FSSC Cybersecurity Profile Assessment
- 5 ways to convert video files on Linux
- Vagrant Box Drama | The ORACLE-BASE Blog
- Structured distraction: how to make the most of your breaks at work
- We need to alternate between focus and distractions. Instead of forcing ourselves to work through fatigue and demotivation, we may as well take productive breaks.
Movement breaks. Get up and move your body. If you have time, go for a walk. You could even go for a run, or use your break for a gym session. If you don’t have a lot of time, getting up and stretching your body or doing some jumping jacks. Short, intense exercise has been proven to have a very positive impact on both attention and short-term memory formation.
Mental breaks. Do a short meditation or deep breathing session. Or just let your mind wander: scientists have found that daydreaming has a positive impact on cognition.
Social breaks. We are social animals. Social breaks, such as chatting with your peers, show a positive association with feeling recovered after the break. Schedule some social breaks with a colleague or a friend.
Nature breaks. Go outside to get some sunlight. If there’s a park nearby, even better. Studies show that nature has a positive impact on our mental health. You could also pet a dog if you have one handy. Research has shown that our oxytocin levels increase when gazing in a pet’s eyes. Oxytocin is often called the “cuddle drug” because it is released when two people are bonding emotionally. It’s an easy way to feel happy.
Creative breaks. Draw, doodle, listen to some music. Listening to classical music in particular has been shown to help with relaxation. If you can’t leave your desk, creative breaks are an easy way to take your mind off work for a little while.
- Chadwick Boseman's Howard University 2018 Commencement Speech - YouTube
- Linux Upskill Challenge | linuxupskillchallenge
- iPXE | Booting CoreOS Container Linux via iPXE
- Pale Purple - iPXE Network booting for ISO images
- chain
- GitHub - RedTeamPentesting/monsoon: Fast HTTP enumerator
- Fuzzing the Linux kernel (x86) entry code, Part 2 of 3 | Oracle Linux Blog
- GitHub - ashishb/android-security-awesome: A collection of android security related resources
- DEF CON 28 Safe Mode Red Team Village - Tim Wadhwa-Brown's 'All Of The Threats: Intelligence Modeling' - Security Boulevard
- Microsoft Patch Tuesday August 2020: vulnerabilities with Detected Exploitation, useful for phishing and others | Alexander V. Leonov
- PXELINUX - Syslinux Wiki
- Traitlets - an introduction & use in Jupyter configuration management | Quansight Labs
- The 5 Best Open Source Password Managers | FOSS Linux
- Weeklypedia
- Secure Your Online Accounts With 2FA And Open Source
- nbdkit now ported to Windows | Richard WM Jones
- 9 Best Free Console-Based Diff Tools - LinuxLinks
- diff-so-fancy
delta
icdiff
- 6cord Is An Almost Perfect Terminal Discord Client - YouTube
- Synology TFTP server for PXE Boot
- Nova Scotian Hodge Podge Recipe | Allrecipes
- EdgeRouter - DHCP Server Static Mapping – Ubiquiti Networks Support and Help Center
- set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping uap-pro ip-address 192.168.1.240
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping uap-pro mac-address <mac-address>
- Troubleshooting performance on Autonomous Database - Blog dbi services
- I got carried away and built a 36TB home server the size of a toaster oven | PC Gamer
- FBI warns of an increase in online romance scamsSecurity Affairs
- PXE Deploy Clonezilla. In this lesson we use PXE Linux and Clonezilla
- The Morning After: Elon Musk's brain implant is working -- in pigs
- What is a Display Server in Linux?
- Setting Up A PXE Install Server For Multiple Linux Distributions On Debian Lenny
- Asymptomatic COVID-19 Infections And 'Disease Tolerance' : Shots - Health News : NPR
- How to Turn Your Raspberry Pi into NAS with OpenMediaVault
- Scanning containers for vulnerabilities with OpenSCAP and Podman | Enable Sysadmin
- Vulnerable-AD - Create A Vulnerable Active Directory That'S Allowing You To Test Most Of Active Directory Attacks In Local Lab
- Former Cisco employee pleads guilty to hacking, damaging company systemsSecurity Affairs
- 4 Best Practices for Credentialed Scanning with Nessus - Blog | Tenable®
- Microsoft re-re-re…releases KB 4023057, the “blast a way to the next version” patch @ AskWoody
- F5: Setup Basic Web Load Balancing | PeteNetLive
- Windows Server vNext Preview build 20201 is now available - The things that are better left unspoken
- Is Your Data Backup Plan COVID-Proof? | APMdigest - Application Performance Management
- Configuring Port Forwarding on Windows | Windows OS Hub
- Everything in VMware vCenter Server 7 - New Features in vSphere 7
- Elon Musk Unveils Neuralink Brain Implant Working In A Pig
- Nosa Edoimioya, PhD student | Cool Tools
- 6 Factors to Consider in Evaluating CVE Importance - Security Boulevard
- 6 factors to consider when evaluating CVE risk
1. Inventory – it’s important to identify all assets in your environment so that you have the full picture of what you’re protecting, but most organizations miss 15-35% of their assets when creating an inventory, not to mention difficulty in categorizing each asset. Modern RBVM tools create accurate inventory of all assets, automatically and continuously.
2. Vulnerabilities – This represents CVEs and their corresponding CVSS scores. These are important and definitely an important factor in determining whether or not to prioritize a vulnerability. It’s also important to remember that while this post is focused on CVEs in particular, vulnerabilities are not just CVEs. You could have a weak password, an easy to phish user, some misconfiguration, and so on, in addition to unpatched software.
3. Threats – 95% of CVEs are never actually exploited in the wild. If nobody is exploiting a vulnerability, is it as important as one that is popular with adversaries? Must time and effort is wasted in vulnerability management programs by focusing on CVEs that are theoretical in nature. Taking active exploits into account ensures that your team is focused on CVEs that matter.
4. Exposure – Since 37% of enterprise software is unused, it doesn’t make sense to prioritize unpatched vulnerabilities in that software. Ensure that you put higher priority on heavily used software. An additional tip is to reduce your overall attack surface by uninstalling software that isn’t in use – saving your organization money as well.
5. Compensating Controls – some unpatched CVEs can’t be exploited because you have other controls in your network that prohibit the steps required for the attacker to launch the attack. Such controls might mean that a high severity vulnerability that is being actively exploited in the wild really doesn’t represent much risk to you at all.
6. Business Criticality – business criticality asks the simple question, “Just how bad would it be if said asset were to get breached.” A database server that contains sensitive financial or customer information represents much more risk to the organization than a BYOD asset on your guest network. Mean time to patch (MTTP) should be lower for the high criticality asset than for the BYOD asset. This is a critical distinction – there’s no reason to respond equally quickly for all assets with unpatched vulnerabilities.
- Top 9 Vulnerabilities With No Assigned CVE Number - Security Boulevard
- 1. Compromised Credentials – password related issues are still responsible for more than 80% of breaches, and 99% of users reuse passwords between work and personal accounts. With compromises of consumer services on a near daily basis, the odds that some of your users’ work passwords have already been compromised is extremely high. Think this is less important than that high severity CVE that made the news last week but has never been exploited in the wild?
2. Weak Passwords – weak passwords are susceptible to brute force and dictionary attacks, giving patient attackers a leg up on your unsuspecting users (and cyber defenses). Ensure that you’re using multifactor authentication, password management software, and the latest NIST recommendations on password policies.
3. Unknown Assets – 60% of organizations believe they are aware of fewer than 75% of the assets with access to corporate information systems. In an organization with 10,000 assets, that means there are 2,500 unknown assets with access to the corporate network. There is no way to patch or manage these assets, and the organization certainly doesn’t know what they are. This is a huge vulnerability and, you guessed it, no CVE for this one either. IT asset inventory might be the most commonly overlooked major vulnerability in the enterprise.
4. Risky Browsing Activity – only 48% of organizations have adequate visibility into phishing risk, despite 89% believing that phishing is their highest risk vulnerability. Risky browsing and overall IT asset use leads to increased risk of phishing, malware infection, and a whole host of additional issues.
5. Missing or Weak Encryption – Encryption of both data-at-rest and data-in-transit is an information security best practice, yet only 29% of information security professionals have visibility into whether and where encryption is being used across their organization.
6. Misconfiguration – default usernames and passwords, disabled encryption, and inadvertent public sharing of cloud databases are but a few of the misconfiguration related vulnerabilities that hackers have exploited with great success.
7. Trust Relationships – it’s well known that attackers commonly move laterally across networks after exploiting a weak or vulnerable system. Since this vulnerability in trust relationships between systems is frequently overlooked, one weak system can lead to compromised of other, better protected critical systems.
8. Elevated Privileges – Nearly 1 in 5 organizations report that most or all users have more access privileges than required for their job, with 48% of organizations report at least some users with unnecessarily elevated privileges. More privileges means more risk – risk that you don’t need to take on.
9. Malicious Insiders – malicious insider activity is notoriously difficult to identify because these are the same individuals that need access to sensitive information in order to get their jobs done.
- Blaming the CISO for a Cybersecurity Breach - Security Boulevard
- The NYDFS Cybersecurity Regulation Explained
- Step by Step Guide to Setup LDAPS on Windows Server - Microsoft Tech Community - 385362
- How to install a PXE server. By following this tutorial, you will be… | by Zied Yaich | Medium
- iT-Joe | Linux PXE Server
- 3D-printable cases for the Raspberry Pi High Quality Camera - Raspberry Pi
- The USPS Isn’t Made of Superheroes, But It Is a Miracle
- How to Fuzz Parameters, Directories & More with Ffuf « Null Byte :: WonderHowTo
- Better, Faster AND Cheaper Vendor Risk Assessment? Yes!! | Pivot Point Security
- What is Threat Modeling and How Does It Differ from Risk Assessment? | Pivot Point Security
- How to Make Your VPN Faster - Why You have a Slow VPN | Security Gladiators
- InfoSec Handlers Diary Blog
- Experts hacked 28K unsecured printers to raise awareness of their securitySecurity Affairs
- FBI arrested Russian national for recruiting employee of US firm to plant malwareSecurity Affairs
- REvil Ransomware Operators Claim Valley Health Systems as New Victim - Security Boulevard
- Proposal for HIPAA Modifications Coming By Year’s End
- Equifax CISO Jamil Farshchi Reflects on Breach, Recovery
- Elon Musk Says Tesla Saved From 'Serious' Ransom Attempt
- COVID-19: Business Continuity Lessons Learned
- 7 Open Source Patch Management Software to Bootstrap Your Business
- Build An Open Source AppSec Pipeline Using Github Actions – JerryGamblin.com
- Bluescan - A Powerful Bluetooth Scanner For Scanning BR/LE Devices, LMP, SDP, GATT And Vulnerabilities!
- Confessions of an ID Theft Kingpin, Part II — Krebs on Security
- Confessions of an ID Theft Kingpin, Part I — Krebs on Security
- 5 Tips for Kickstarting Your Cyber Security Program - Delta Risk
- 1. Choose a Framework Over a Compliance Checklist
2. Network with Industry Peers
3. Collaborate with Other Departments to Document Policies and Procedures
4. Assign Responsibilities and Hold Everyone Accountable
5. Measure Program Metrics and Share Results
"Given that the average total cost of a data breach clocks in at around $3.92 million, this is something you can’t afford to ignore."
- Redefining What CISO Success Looks Like
- Higher Education CISOs Share COVID-19 Response Stories
- Michael Duff
- How to manage traffic rules in Windows Firewall from an Excel Sheet
- How To Properly Secure sysctl in Linux: Security Hardening Tips
- ORACHKSUM v20.03 is out! - DBA - Rodrigo Jorge - Oracle Tips and Guides
- Using PowerShell Data Types Accelerators to Speed up Coding
- What Is VPN (Virtual Private Network)? How Does It Work?
- Palo Alto Networks to Acquire The Crypsis Group for ...
- Prepping an Oracle Database for a Cloud Migration
- Basic database information: RAC/Single Instance, multi-tenant, OS version, database version, host memory, CPU/Core
Performance information:
DB Time/Elapsed Time
CPU % Busy
SGA/PGA
Read and Write IO Throughput and MB per second
DB CPUs
- Ransomware Red Flags: 7 Signs You're About to Get Hit
- Active Directory Will Show Multiple Login Failures
Brute-Force Attacks Will Hit the Network
Phishing Emails Land With Strange Domains
The Network Starts Making a String of Questions About a Single Machine
Security Tools Are Being Used in Environments They Weren't Assigned To
Unusual Time Stamps Appear on VPN Connections
Traffic Is Suddenly Redirected to Questionable Places on the Dark Web
- SIEM: Log Monitoring Lab Setup with Splunk
- Swap Detector: Open source tool for detecting API usage errors - Help Net Security
- How to Enable Multiple Remote Desktop Sessions in Windows
- Mistakes Most Students Make While Learning Programming | Codementor
- How to Learn Programming with Zero Stress | Codementor
- What is a Zero-Day Exploit? – Linux Hint
- Build your own Zero-day or just capture someone elses???
- Build Smart on Kubernetes: Hands-on Learning Journey – Build Smart. Build Secure. IBM Developer
- Sourcegraph - Universal Code Search
- DigitalOcean & Others Still Working On Core Scheduling To Make Hyper Threading Safer - Phoronix
- How To Use Vagrant With Libvirt KVM Provider - OSTechNix
- Linux Per Thread Queues Aim For Traffic Isolation, Higher Performance Networking - Phoronix
- Best Online Markdown Editors That You Can Use for FREE
- Tartube – A GTK+ 3 Front-end for Youtube-DL Video Downloader | UbuntuHandbook
- How to Install Jitsi Meet on Debian and Ubuntu
- Anti-Forensic: Swipe Footprint with Timestomp
- 4 Risk Mitigation Principles for the Pandemic Environment
- Maintain parity of technical security controls between bricks-and-mortar and work-from-home environments;
Change your business processes to reduce the risks in the shift to a remote workforce;
Keep in mind that "cyber threat actors will never let a good crisis go to waste";
Update your information security certifications, especially your Payment Card Industry Report of Compliance.
- Spies called in as cyberattacks again halt NZ stock exchange - Japan Today
- Computer pioneer Arnold Spielberg, Steven's dad, dies at 103 - Japan Today
- Spielberg and Charles Propster designed the GE-225 mainframe computer in the late 1950s while working for General Electric. The machine allowed computer scientists at Dartmouth College to develop the programming language BASIC, which would be essential the rise of personal computers in the 1970s and 80s.
- UCSF Hack Shows Evolving Risks of Ransomware in the Covid Era - Bloomberg
- UCSF ransomware attack: University had data protection but it wasn't used on affected systems – Blocks and Files
- ‘Schrems II’ requires a rethink of the CLOUD Act
- The 'Shared Responsibility' Misnomer: Why the Cloud ...
- [Webinar] 11k Vulns in First Half of 2020 as Patch Tuesdays Get Worse – RBS
- VirtualBox & bridged networking no longer works
- Tesla worked with the FBI to block a million dollar ransomware attack | Engadget
- Are you a lurker, participant or a creator? - NevBlog
- How Four Brothers Allegedly Fleeced $19 Million From Amazon | WIRED
- It all worked because Amazon is so huge that everything is automated.
“overshipping” works by intentionally sending a company more goods than it ordered and billing for it.
every product is given a unique identifier, a string of numbers called an Amazon Standard Identification Number.
"The more our economic life moves online, the more we must ensure the integrity of our digital markets." - Audrey Strauss
- DeathStalker cyber-mercenary group targets the financial sectorSecurity Affairs
- DeathStalker
- DIY category - Jonathans Blog
- 6 Signs Your Supply Chain Risk Just Shot Up
- ‘Hidden’ PHI in Medical Images Poses Risks
- Wireless Pentesting Part 3 – Common Wireless Attacks - The Ethical Hacker Network
- Zram, Zcache, and Zswap: Which One Is the Best For You?
- use zswap
- Managing Weeds in Warm Season Lawns | Home & Garden Information Center
- Elon Musk will show a working Neuralink device on August 28th at 3 PM ET | Engadget
- Alphabet's Verily begins offering stop-loss health insurance | Engadget
- 38 Japanese firms' authentication data stolen amid teleworking increase - Japan Today
- Create a Keycloak Realm Using Admin REST API | Lisenet.com :: Linux | Security | Networking
- Payers are working to meet deadline for interoperability mandate | Healthcare Finance News
- There has been an exponential growth in clinical data over the past five years. Much of it is inaccurate.
- Moving from YouTube to PeerTube
- Popsicle - Multiple USB File Flasher for Linux
- Deploy Keycloak Using Docker Swarm | Lisenet.com :: Linux | Security | Networking
- 10 Open Source/Commercial Control Panels For Virtual Machines (VM's) Management
- Boost your CPU speed with Standard Edition 2 on ODA - Blog dbi services
- Unable to Add/Remove Role: Windows Server Requires Restart | Windows OS Hub
- Using Checkov for Infrastructure as Code Security Audits - Wahl Network
- Thread by @SteveSyfuhs: Have you ever wondered what happens behind the scenes when you type your password into the Windows logon screen and hit enter? I'm waiting f…
- Download Pre Installed VirtualBox Images for Windows, Linux and other systems - ITSMDaily.com
- Ryobi Tools Still Going Strong – Scott Gruby's Blog
- 10 Windows Tricks every Java Developer should know
- Various JVM flavors and why do you care?
- Where does JVM fit in a JEE Application Server?
- JVM – Basic Operations
- JVM: Basic Framework
- Windows 10: PowerShell Setup Script for customization | Born's Tech and Windows World
- MITRE Releases 'Shield' Active Defense Framework
- Patch Management Policy: A Practical Guide
- What is Maze Ransomware? Find out everything you need to know about this threat!
- Vulnerability scans and false positives: the importance of sanitising input - IT Governance UK Blog
- Google Project Zero expert found 3 flaws in Apache Web ServerSecurity Affairs
- CVE-2020-9490, CVE-2020-11984, CVE-2020-11993
- A Sysadmin’s Guide to Markdown Language
- Should State and Local Governments Obtain Cybersecurity Maturity Model Certification? - Security Boulevard
- Spain, France And Germany Report Most Coronavirus Cases Since Their Lockdowns : Coronavirus Live Updates : NPR
- 'Fallout' Tells The Story Of The Journalist Who Exposed The 'Hiroshima Cover-Up' : NPR
- Top Spy Sue Gordon Spills Her Views On A President Who Passed Her Over : NPR
- Facing The Anxiety And Uncertainty Of This Pandemic Starts With Acceptance : Shots - Health News : NPR
- Microsoft says the pandemic has changed the future of cybersecurity in these five ways - TechRepublic
- How IT-OT Security Has Changed in the Wake of COVID-19
- The HttpOnly Flag – Protecting Cookies against XSS | Acunetix
- A 10-point plan for addressing WFH cybersecurity challenges | CIO
- In the next six months
Automate, automate, automate – look for ways to ensure patching, password resets, change control, incident management, and other manual processes are automated wherever and whenever possible.
Deploy multifactor authentication everywhere – one lesson that should be apparent to anyone is that you can't rely on passwords for anything, even inside an organization. Though not a silver bullet, multifactor may be the closest thing to a magical elixir cure-all that can reduce risk everywhere.
Develop a BYOD plan, even if you normally don't allow BYOD – ensure you have a way for unmanaged devices to access organization resources without compromising on protection. This includes paying attention to home network security.
Review your data governance policy and program – ensure that owners are identified and any policy issues associated with the content are addressed, such as jurisdictional issues with cloud environments.
Upgrade the 3rd/4th-party compliance program – create a program of continuous compliance that does not require site visits. Rely on 3rd party audits, continuous reporting of activity and controls, and robust architecture for protection.
Assess the need for location- or asset-oriented controls – work to eliminate the need for applications to run on a certain device or be in a certain location or on a certain network in order to provide protection.
- Canadian delivery company Canpar Express suffered a ransomware attackSecurity Affairs
- How to Safely Access Sensitive Data From Home – Part 2 - Hysolate
- How to Safely Access Sensitive Data From Home - Part 1 - Hysolate
- A PCI DSS Checklist for CIOs Worried About Work from Home Security - Security Boulevard
- Leveraging FSSCC Cybersecurity Profile in the Financial Sector
- Addressing the Cloud Security Readiness Gap - Security Boulevard
- Two contributing factors to that gap include:
78% reported that cloud requires different security than on-prem. With security skills at a shortage, the ability to quickly ramp up on a new architecture and a new set of security capabilities can certainly slow progress.
Only 8% of respondents claimed to fully understand the cloud security shared responsibilities model; they don’t even know what they’re responsible for; never mind how to implement the right policies and procedures, hire the right people, or find the right security technologies.
- Linux-Fu: Your Own Dynamic DNS | Hackaday
- Trash-80: What it meant and why it stuck - The Silicon Underground
- Quick post about MBSA | >_
- Start-WUOfflineScan -FilePath C:\temp\wsusscn2.cab -Verbose
- Why InfoSec Creators Should Move to Direct Support Monetization | Daniel Miessler
- More from the Courts, Self-Collection Part 5 | Xact Data Discovery
- What Have the Courts Said About Self-Collection? | Xact Data Discovery
- IT Collection Risks, Self-Collection Part 3 | Xact Data Discovery
- Custodian Collection Risks, Self-Collection Part 2 | Xact Data Discovery
- A Shortsighted Shortcut, Self-Collection Part 1 | Xact Data Discovery
- How to talk to people who believe in QAnon | Engadget
- Walt Disney's winning strategy - NevBlog
- it shows how all their divisions weren’t separate projects, but rather fed into one another.
- Parth - Heuristic Vulnerable Parameter Scanner
- Quote Details: George Steiner: A chess genius is... - The Quotations Page
- A chess genius is a human being who focuses vast, little-understood mental gifts and labors on an ultimately trivial human enterprise.
George Steiner
- Quote Details: Galileo Galilei: I have never met... - The Quotations Page
- I have never met a man so ignorant that I couldn't learn something from him.
Galileo Galilei
- What Are the Ways to Respond to an Unintentional HIPAA Violation?
- Are their any violation unintentional??
- The Warren Buffett Pilot Story: The Importance of Making a NOT To Do List — My Money Blog
- First, you write down a list of twenty-five career goals.
Second, you do some soul-searching and circle the five highest-priority goals. Just five.
Third, you take a good hard look at the twenty goals you didn’t circle. These you avoid at all costs. They’re what distract you; they eat away time and energy, taking your eye from the goals that matter more.
- Tick-tock. Does your container know what time it is? | Enable Sysadmin
- Fretted M.2 connector cause difficult-to-diagnose performance slowdown | Ctrl blog
- Doc Searls Weblog · Bet on obsolescence
- Child Care Jobs, Mostly Held By Women, Hit Hard By Coronavirus Crisis : Coronavirus Live Updates : NPR
- COVID-19 Pandemic's Child Care Options: Risks And Strategies For Staying Safe : Shots - Health News : NPR
- 10 Awesome Educational Websites for Kids Worth Bookmarking
- 5 Weird Noises Inside Your Computer Explained | MakeUseOf
-
- Kubernetes Lens: see your cluster under a different light – Marksei
- What Do We Know About Transmission Of COVID-19 On Planes? : Goats and Soda : NPR
- COVID-19 Financial Pressures Are Sinking Rural Hospitals : Shots - Health News : NPR
- Free Refrigeration In Hot Climates | Hackaday
- Linux-Fu: One At A Time, Please! Critical Sections In Bash Scripts | Hackaday
- Simple MP3 Player Hides Home Automation Brilliance | Hackaday
- How To Choose The Right GPS Module For Your Project | Hackaday
- HOPE 2020 Delivers Historic Marathon Of Hacking | Hackaday
- A Simple Script for Creating and Deleting Rolling ZFS Snapshots in FreeBSD | iceflatline
- How I Organize Application Shortcuts in the Windows 10 Start Menu | iceflatline
- Microsoft OneNote Keyboard Shortcuts for Windows and Mac
- Pi Saves Vintage Mac Case From A Watery Grave | Hackaday
- The Ever-Accelerating Automation Of Fast Food | Hackaday
- GitHub - diimdeep/awesome-split-keyboards: A collection of ergonomic split keyboards ⌨
- GitHub - sindresorhus/awesome: 😎 Awesome lists about all kinds of interesting topics
- Inputs Of Interest: ErgoDox Post-Mortem | Hackaday
- Pyre-Check - Performant Type-Checking For Python
- U.S. GAO - Cybersecurity: DHS and Selected Agencies Need to Address Shortcomings in Implementation of Network Monitoring Program
- Four Years Later, Off-Grid Office Shed Still Rocks | Hackaday
- DSHR's Blog: Atlantic Council Report On Software Supply Chains
- The report divides their survey into five "trends":
1. Deep Impact: State actors target the software supply chain and do so to great effect.
2. Abusing Trust: Code signing is a deeply impactful tactic for compromising software supply chains as it can be used to undermine other related security schemes, including program attestation.
3. Breaking the Chain: Hijacked updates are a common and impactful means of compromising supply chains and they recurred throughout the decade despite being a well-recognized attack vector.
4. Poisoning the Well: Attacks on OSS were popular, but unnervingly simple in many cases.
5. Downloading Trouble: App stores represent a poorly addressed source of risk to mobile device users as they remain popular despite years of evidence of security lapses.
- DSHR's Blog: Optical Media Durability: Update
- Jenkins Security Advisory 2020-08-17
- Should State and Local Governments Obtain Cybersecurity Maturity Model Certification?
- 10 Good Open Source Speech Recognition Systems [2020]
- Release Privatezilla 0.30.0 (Phoenix) 🐦 · builtbybel/privatezilla · GitHub
- Which Public Cloud Should I Master First? « ipSpace.net blog
- Do you have existing customers (or potential employers you’d love to work for) asking for specific public cloud skills? There’s your answer.
- NetDevOps Concepts - Minimum Viable Product | The NTC Mag
- MUST READ: IPv4, IPv6, and a Sudden Change in Attitude « ipSpace.net blog
- =
- Simple Trick for Determining 2.1mm or 2.5mm Barrel Jacks | Cool Tools
- Many barrel jacks have a consistent 5.5mm outside diameter. But the inside diameter can vary, usually either between 2.1mm or 2.5mm. If you don’t have your digital calipers handy, you can determine this inside diameter with common objects: a toothpick, a ball point pen, or a test probe. The brass housing on a ball point pen is usually 2.2mm. If it doesn’t fit inside the barrel of your jack, then the jack is 2.1mm. If the pen easily fits inside, the jack is 2.5mm. A standard toothpick is 2.1mm. If it fits snugly in the jack, it’s a 2.1mm jack. Also, a common multimeter probe needle with fit closely inside of a 2.1mm jack and be very sloppy inside of a 2.5mm jack.
- "How NOT to Measure Latency" by Gil Tene - YouTube
- "How NOT to Measure Latency" by Gil Tene - YouTube
- Everything You Know About Latency Is Wrong – Brave New Geek
- The Importance of Certificate Discovery - Keyfactor
- Storage Management Best Practices: Part 1 - Components In Motion
- Jason Beaird Design Quote - NevBlog
- “Users are pleased by design, but drawn to the content.”
-Jason Beaird
- Protecting Against Kubernetes Threats: Chapter 7 - Discovery | StackRox
- Protecting Against Kubernetes Threats: Chapter 6 - Credential Access | StackRox
- Protecting Against Kubernetes Threats: Chapter 5 - Defense Evasion | StackRox
- Protecting Against Kubernetes Threats: Chapter 4 - Privilege Escalation | StackRox
- Protecting Against Kubernetes Threats: Chapter 3 - Persistence | StackRox
- Protecting Against Kubernetes Threats: Chapter 2 - Execution | StackRox
- Protecting Against Kubernetes Threats: Chapter 1 - Initial Access | StackRox
- Top 6 cybersecurity books for IT auditors
- 1. “Auditor’s Guide to IT Auditing” by Richard E. Cascarino
2. “IT Audit, Control, and Security” by Robert R. Moeller
3. “Human-Computer Interaction and Cybersecurity Handbook” edited by Abbas Moallem
4. “Implementing Cybersecurity” by Anne Kohnke, Ken Sigler and Dan Shoemaker
5. “Cyber Security and Privacy Control” by Robert R. Moeller
6. “Information Technology Control and Audit” by Angel R. Otero
- WFH for the Long Haul? These Tips Will Help You Create a Cyber Resilient Home Network | Webroot
- Zero Day Initiative — 15 Years of the Zero Day Initiative
- Zero-Touch Provisioning for Cisco IOS ⁕ Vincent Bernat
- How to Create a Helm Chart in Windows for Minikube | securitywing
- Harmonize FinServ Cybersecurity Standards with the Financial Sector Cybersecurity Profile - Security Boulevard
- Making Infosec Jobs Easier: Preventing Ransomware | Balbix
- Walgreens Discloses Data Breach Impacting Personal Health Information of More Than 72,000 Customers – HOTforSecurity
- Tibivi: Weekly Scheduler For When A Text File Isn't Enough - YouTube
- How to use n8n and Raspberry PI to create workflows and automate APIs - peppe8o
- Authenticating To Ansible Tower Via Windows Active Directory | Greg Sowell Consulting
- Confederate flags still fly in Brazil | flyingpenguin
- CCNA Training » All Old CCNA in one place
- Intel Owl - Analyze Files, Domains, IPs In Multiple Ways From A Single API At Scale
- Scan-For-Webcams - Scan For Webcams In The Internet
- Now Is The Perfect Time For CISOs to Tame the Security Frontier - ZeroNorth
- Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common?
- Infosecurity.US - https://infosecurity.us - DEF CON 28 Safe Mode - Panel - 'D0 N0 H4RM: A Healthcare Security Conversation Panel'
- All About the CISSP - Phoenix TS
- Contrast Labs: Apache Struts CVE-2019-0230 and How to Block Attacks
- Healthcare Data Breach Costs Rise - Security Boulevard
- Diagnosing the Cybersecurity Challenges in Healthcare
- It Takes Two. Why You Need Agentless & Agent-Based Scanning | Digital Defense, Inc.
- Defensible risk management can improve your job security | Synopsys
- How to Look Up MAC Addresses – Linux Hint
- great look at the ip
- Network scanning with Fierce – Linux Hint
- How NAT traversal works · Tailscale Blog
- System statistics: Linux stat commands to know | Enable Sysadmin
- How your home network can be hacked and how to prevent it
- CVE-2020-10029: Buffer overflow in GNU libc trigonometry functions?!? - Security Boulevard
- Book Review: Crime Dot Com, From Viruses to Vote Rigging, How Hacking Went Global - Security Boulevard
- Side Dishes Collection - Page 2 of 23 - Spend With Pennies
- The importance of subject matter experts - SecureLink
- Introduction to Cryptography - Security Boulevard
- As Military Cyber Policies Change, Should Others Do the Same?
- Web Crawler & User Agent Blocking Techniques - Security Boulevard
- United States Air Force Partners with Pluralsight to Power Digital U Technology Skills Development Program - Security Boulevard
- 50 Cyber Security Podcasts We’re Listening to Now | Orca Security
- Are You Using the Full Potential of Your SOC? 5 Trends That Will Reshape Modern Security Operations - Security Boulevard
- Five Trends that Will Reshape Modern Security Operations
1.Threat Intelligence
2. Cloud-Managed Security
3. Threat Hunting
4. Machine Learning Algorithms
5. Automation
- Exploited in the Wild, It Took Microsoft 734 Days to Patch this Vulnerability - Security Boulevard
- The facts on CVE-2020-1464
Patch released 734 days after Microsoft was notified
The vulnerability was known to be exploited in the wild
Exploitation allows for installation of arbitrary malicious code
Impacts all major versions of Microsoft Windows
- 10 Elements of the Most Effective Application Security Programs - Security Boulevard
- 1. Application security controls are highly integrated into the CI/CD toolchain.
2. Application security best practices are formally documented.
3. Application security training is included as part of the ongoing development security training program.
4. The ongoing developer security training should include formal training programs, and a high percentage of developers should participate.
5. Development managers are responsible for communicating best practices to developers.
6. Security issue introduction is tracked for individual development teams.
7. Formal processes and metrics track continuous improvement of application security.
8. Continuous improvement metrics are tracked for individual development teams.
9. Security issues are tracked during the code development process.
10. Automation risk aggregation tools roll-up risk to keep senior development leaders informed.
- Creating Research Accounts for OSINT Investigations – We are OSINTCurio.us
- CWE - 2020 CWE Top 25 Most Dangerous Software Weaknesses
- Debian 9: Install PXE Boot server for automated install - Narrow Escape
- How to Achieve 20/20 Visibility in Your OT Security - Blog | Tenable®
- Signs You’re Following A Fake Twitter Account… – NixIntel
- Cloud-Sniper - Virtual Security Operations Center
- How to install Infection Monkey for breach and attack simulations on your network - TechRepublic
- Why Cybersecurity Leaders Struggle to Answer the Question ‘How Secure Are We?’
- In order to provide business context, security and risk management leaders must first be able to answer two key questions:
1. What is your organization’s core value creation? In manufacturing, the answer may be to make and sell widgets for profit. In healthcare, the answer may be to provide medical care to patients. In government, the answer may be to provide a service to the public, such as issuing driver’s licenses or taking care of trash disposal.
2. Which of your IT assets are crucial to delivering on that core value creation? For example, is there an ERP system or medical records app or database which, if taken offline, would cause your business operations to grind to a halt? Are there groups of users whose computers, if compromised, would expose key intellectual property or sensitive data that could prevent the organization from delivering on that core value? Is there a cloud environment which, if taken offline, could derail an important customer-facing web service, such as a banking or ecommerce site?
- The Only Thing 'The Simpsons' Predicted Is Our Stupidity
- Scientists Have Shown There's No 'Butterfly Effect' in the Quantum World
- NBlog - the NoticeBored/SecAware blog: NBlog Aug 19 - IAAC Directors' Guides
- Why Data Flow Mapping is Key to Web App Security Testing | Pivot Point Security
- What is CUI and Why is It Such a Big Deal? | Pivot Point Security
- Alternatives to Microsoft GCC High Cloud for CMMC Compliant Email and File Sharing | Pivot Point Security
- What's The Difference Between The Internet And World Wide Web?
- Internet connecting computers
Web connecting people
- Pilo: Raspberry Pi-Powered Lights-Out Remote Server Management for $60 or less
- Raspberry Pi Off-World Bartender - Raspberry Pi
- Use a Raspberry Pi To Catch Hackers with OpenCanary | Tom's Hardware
- Managing Cybersecurity Program CostRafeeq Rehman – Personal Blog
- Robocall Results from a Telephony Honeypot - Schneier on Security
- Steel sheet giant Hoa Sen Group hacked by Maze ransomware operatorsSecurity Affairs
- FritzFrog cryptocurrency P2P botnet targets Linux servers over SSHSecurity Affairs
- FritzFrog
- How to cyber security: Pain in the *AST
- At the most fundamental level, IT security is about buying software, while application security is about building software. Said another way, IT security is about operating software, while application security is about developing software.
- Kotlin: How JetBrains created Google's preferred Android programming language - TechRepublic
- Incident Response- Linux Cheatsheet
- Analysis: Why a NotPetya Lawsuit Was Dismissed
- A forensics analysis from two independent data sources showed that the malware entered Heritage Valley's computer network systems "through a trusted virtual private network connection with Nuance," the lawsuit states.
- University of Utah Pays Ransom to Avoid Data Disclosure
- Australian Online Health Platform Fined for Data Practices
- Australia's federal court fined HealthEngine, an online platform for booking medical appointments, 2.9 million Australian dollars ($2.1 million) on Thursday for improperly sharing personal data and altering online reviews.
- Unified Endpoint Management Explained: (Why) Does Your Company Need One?
- In comes UEM, a brand-spanking-new approach to granular, multi-device control, and management. With (an) Unified (and united) endpoint management system, you will be able to:
Control, configure and monitor all types of devices (i.e. Mac, Windows, Android, Linux, etc.) from a single (and unique) dashboard.
Updating, downgrading, and patching can be done from a single console.
Push security policies to every device, regardless of the operating system.
Simplify the BYOD enrollment process.
Achieve better control over user-requested installation and uninstallation processes (e.g. system administrators can prevent users from installing a specific category of software on all devices hooked up to the corporate network).
- SecGen - Create Randomly Insecure VMs
- Webcast: What to Expect When You're Expecting a Penetration Test - Black Hills Information Security
- Erman Arslan's Oracle Blog: Weblogic - Oracle BI Publisher -- AD authentication - Configuring LDAPs
- Sysadmin university: How to write a README file | Enable Sysadmin
- 15+ practical Python projects for beginners | Codementor
- Arduino Blog » Automated lawn irrigation with some valves and an Arduino Nano 33 IoT
- Discover Kolibri: A Free Open-source Offline-First and Peer-to-Peer Complete Education System
- 5 Stages of Grief & CMMC Compliance
- Windows 10 Secure AutoLogon - PowerShell - CCMEXEC.COM - Enterprise Mobility
- How To Create Cross-Platform PowerShell Scripts -- Redmondmag.com
- Nmap Tip – it's notes
- Scan UDP port 5140
nmap -p 5140 -sU -v 192.168.1.1
Netstat list port with service running
netstat -pnltu
- Catching Intruders With a Trip Wire: The AIDE Package - Low End Box
- Ethernet switch failure? | Nelson's log
- Centos 8 + Windows domain authentication – SvennD
- Ten things you need to know about Assigning Groups to Azure AD Roles - The things that are better left unspoken
- Kentik Synthetic Monitoring Launched | APMdigest - Application Performance Management
- AppDynamics Announces SAP Peak | APMdigest - Application Performance Management
- AWS Solutions Architect Associate (SAA-C02) Exam Tips - Wahl Network
- Re-visiting the SUN-2 emulator: Adding SLiRP! | Fun with virtualization
- Selecting the Number of vCPUs and Cores for a Virtual Machine | Windows OS Hub
- The Complete Guide to VMware Hybrid Cloud
- VMworld 2020: Intrinsic Security Edition | Security Blog | VMware
- Public Cloud Challenges – Part 8 – Scaling Storage and operational implications | CloudXC
- The 5G BlackBerry could be 'the most American-made phone out there' | Engadget
- 20 percent of companies working remotely have suffered a breach
- Organizations use outsourcing to meet cyber threats
- Shadow IT in the 'Age of Coronavirus'
- 70 percent of ICS vulnerabilities can be exploited remotely
- How to backup and restore LUKS header on Linux - nixCraft
- Cyber News Rundown: Ransomware Targets Major Cruise Line | Webroot
- Shared Responsibility for Cloud Security: What You Need to Know | CSO Online
- From Our Kitchen | Epic
- What is threat hunting? Taking an active approach to defense | CSO Online
- The cybersecurity skills shortage is getting worse | CSO Online
- Mechanizing The Methodology | Daniel Miessler
- The central concepts in the talk are the following:
Turn security tasks into small, granular questions that have answers
Each answer should be a simple output that can become the input for another process
Chain these questions and answers together into workflows
Schedule them with cron
Alert using Amazon SES
Iterate as you learn new techniques.
- Eulogy Delivered on August 2nd | Diary of a Network Geek
- Privacy conscious cloud migrations: mapping the AWS Cloud Adoption Framework to the NIST Privacy Framework | AWS Security Blog
- Center for Internet Security's Community Defense Model | CSO Online
- The CCPA and employee data: A compliance checklist
- Former Uber security chief arrested for covering up 2016 hack | Engadget
- World's Fastest Internet Speed Hits 178,000 Gbps
- Standardizing on Kubernetes, and more industry trends | Opensource.com
- 3 ways a legal team can enable open source | Opensource.com
- path to yes
- Top 7 Free Android Apps To Start A Business In 2020
- GNU/Linux General Troubleshooting Guide for Beginners - LinuxConfig.org
- NIST Asks A.I. to Explain Itself | NIST
- Synthesis Of Vectors – Jordan Potti – Security Things
- https://vloreblog.files.wordpress.com/2020/08/vmugkc-session-vcp-dcv.pdf
- Using Runecast to Check Pure Storage Best Practices | davidstamen
- Washington DC VMUG Presentation on Aug 20 2020 - TinkerTry home lab’s VMware vSphere 7.0 upgrade challenges, successes, and lessons learned. | TinkerTry IT @ Home
- Upgrade your VCSA with peace of mind:… | Virtualisatieadvies
- How to Maximize all Monitoring Tools | VMignite.com
- Public Cloud Challenges – Part 4: Data Efficiency Technologies & Resiliency considerations. | CloudXC
- 5 Ways to Update An Agency’s Incident Response Plan | FedTech Magazine
- The SASE Model: A New Approach to Security - HealthcareInfoSecurity
- security access service edge (SASE) - uniting "zero trust," SD-WAN, data loss prevention, cloud access security brokers, and more into a cohesive platform
- Ransomware Payday: Average Payments Jump to $178,000
- Cloud Privacy: Well, I’ll just encrypt… | Born's Tech and Windows World
- Idea 1: Protect cloud content from misconfiguration
Idea 2: Protect cloud content from content scans
OneDrive: Encrypted files quoted as ransomware
- Action for GDPR violations against Oracle and Salesforce | Born's Tech and Windows World
- Industrial plants and critical infrastructures (KRITIS) increasingly vulnerable to remote attacks | Born's Tech and Windows World
- Caching vs Tiering - Architecting IT
- How to Send Email Securely with PowerShell
- Disable Windows Firewall: Discover the Many Ways
- ReaR: Backup and Recover your Linux server with confidence | Enable Sysadmin
- Earl Nightingale on your environment - NevBlog
- “We become what we think about. People who think about becoming lawyers, become lawyers. A bad environment makes you think bad thoughts. A beautiful environment makes you think beautiful thoughts.”
-Earl Nightingale
- AutoUpgrade and the Partial Offline Backup Strategy
- SQLcl and OCI Cloud Shell – Get Up and Running Quickly with your Autonomous Oracle Database – ThatJeffSmith
- 10 Resume and Interview Tips from Security Pros
- Don't Let Someone Else Write Your Resume
Generic vs. Specific Resumes
Know How Your Experience Matters
Common Resume Mistakes
Social Media and the Job Search
Why You Should Have a Cover Letter
Where to Job Search
Connecting with Recruiters: What You Need to Know
How to Win Over a Hiring Manager
Now is the time to be memorable and share your passion.
- Ransomware Attack on Carnival May Have Been Its ...
- Why Quality & Security Both Matter in Software
- 4 Cyber Incident Scenarios You Should Exercise and Test - Delta Risk
- 1. Phishing Attacks
2. Malicious Attachments and Malware
3. Password Requests and Other Suspicious Demands
4. Unauthorized Computers and Devices on Network
- Incident Response: Windows Cheatsheet
- 54% of universities reported a data breach in the past year - IT Governance UK Blog
- How COVID-19 Is Changing CISOs' Approaches to Security
- Tim Rohrbaugh
- Emerging Risk Management Issue: Vendors Hit by Ransomware
- Medical Records Exposed via GitHub Leaks - HealthcareInfoSecurity
- So You Want to Build a Vulnerability Disclosure Program?
- Microsoft Put Off Fixing Zero Day for 2 Years — Krebs on Security
- Build Medical Imaging Apps with These 10 Open-source Frameworks and Toolkits
- The Law and Policy of Client-Side Scanning - Lawfare
- TechTank Episode 2: How Has COVID-19 Transformed Work, Education, and Healthcare? - Lawfare
- Zero Downtime Migration – Migrate to Exadata DB System (ExaCS) – Databases Are Fun
- Five Thoughts on Oracle Security | Late Night Oracle Blog
- 6 Best CPU Stress Test and Performance Benchmark Linux Tools | FOSS Linux
- https://dl.ubnt.com/guides/edgemax/EdgeSwitch_CLI_Command_Reference_UG.pdf
- Bash Shell Ignore Aliases & Functions When Running Command - nixCraft
- Terrascan open source software helps developers build secure cloud infrastructure - Help Net Security
- Commandant's Professional Reading List - MCA
- KnowledgeBase: You receive “the mS-DS-ConsistencyGuid attribute is already in use” when you change the source anchor on a Staging Mode Azure AD Connect installation - The things that are better left unspoken
- DIY Apartment Painting -- Equipment Needed --Part 1 | Penniless Parenting
- Oracle Solaris 11.4 SRU24 Released With A Plethora Of Package Updates - Phoronix
- Getting Started in Cybersecurity
- A Practical Introduction to Web Scraping in Python – Real Python
- Change Color Scheme of Linux Terminal Based on Wallpaper
- Documenting my various arm and IoT devices: quick overview – nullr0ute's blog
- Taking Another Look at Plotly - Practical Business Python
- How To Install OCS Inventory Asset Management Software on Ubuntu 20.04 LTS
- What makes Java open source? | Opensource.com
- Cloud firewalls for WordPress - LinuxAndUbuntu - Linux Tutorials, FOSS Reviews, Security News
- Best Graphic Design Software for Linux in 2020 - OSTechNix
- Useful FFmpeg commands for video editing — Andrej’s notes
- CryptPad: Encrypted Open Source Google Docs Alternative
- Using a Yubikey as a touchless, magic unlock key for Linux :: Kevin Liu
- Ubuntu 16.04 LTS Systems Running Linux 4.4 Receive New Kernel Security Update - 9to5Linux
- Medical Device Cybersecurity Threat Modeling - MDIC
- Cybersecurity | National Public Health & Safety | MDIC
- How To Install Vagrant On Linux - OSTechNix
- Fix your ArcoLinux or Arch Linux computer with these 2 tips | Arcolinux.com
- Sunrise Adopts Agile Culture and Accelerates Time to Market by 75% with Red Hat’s Hybrid Cloud Technologies
- Red Hat Bringing Multipath TCP To RHEL 8.3 As A Tech Preview - Phoronix
- Multipath TCP
- Sysadmin university: How to document code and scripts in Linux | Enable Sysadmin
- We didn't start the FIRE: The true history of financial independence
- SELinux changes for KVM-separated (Kata) containers | Enable Sysadmin
- Should I Keep My Laptop Battery Plugged In All The Time?
- What Happens Inside A Battery Right Before Its Explosion?
- How to Install and Use Docker on Ubuntu 20.04
- Financial Independence Not As a Number, But Creating a Content Lifestyle — My Money Blog
- "a successful life is one in which your basic needs for food, shelter, health care, and income are met and in which you have a sense of autonomy, mastery, and belonging."
"Happiness is not a goal. It is a side effect of how you spend each day"
- Facebook's AI can generate MRI images in minutes instead of an hour | Engadget
- A look back at some of Toshiba's most memorable laptops | Engadget
- vSphere 7’s vMotion interface notifies for time differences between vSphere hosts - The things that are better left unspoken
- Technology giant Konica Minolta hit by ransomware attackSecurity Affairs
- Threat actor leaked data for U.S. gun exchange site on hacking forumSecurity Affairs
- Boeing's DEF CON Debut a Sign of the Times
- Cross-Site Scripting Exploitation
- Forensic Investigation: Autopsy Forensic Browser in Linux
- Threat Hunting: Log Monitoring Lab Setup with ELK
- How to Address Telehealth Cloud Security Risks
- In the interview (see audio link below photo), Angle also discusses:
Other top cloud security and privacy issues involving telehealth;
Risks and regulatory concerns involving third-party vendors and subcontractors - including companies based outside the U.S. - that work with telehealth services providers;
Identity and access management and authentication issues for telehealth services and the cloud;
Security concerns for medical devices and remote patient monitoring systems.
Angle is manager of vulnerability management at Trinity Health, a healthcare system based in Livonia, Mich., which includes 93 hospitals in 22 states. Angle, who has more than 20 years of security experience in both government and the private sector, is also the co-chair of the health information management working group for the Cloud Security Alliance and conducts research on cloud security.
- Health Data Breach Tally Surges - HealthcareInfoSecurity
- What is Vulnerability Management?
- What Is Riskware? Cybersecurity Threats You Must Be Aware Of
- From Red to Blue, and Maybe Purple Too – Jordan Potti – Security Things
- DAGOBAH - Open Source Tool To Generate Internal Threat Intelligence, Inventory & Compliance Data From AWS Resources
- AWS Report - A Tool For Analyzing Amazon Resources
- Healthcare Exchange Standards: FHIR Security and Privacy Tutorial
- $28 Billion for State Security, IT Upgrades Proposed
- Bastillion - A Web-Based SSH Console That Centrally Manages Administrative Access To Systems
- Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack — Krebs on Security
- Healthcare Giant Epic Scraps Its Return to the Office After Worker Outrage
- Rational Cybesecurity for Business book Publication Announcement
- CVE-2019-0230: Apache Struts Potential Remote Code Execution Vulnerability - Blog | Tenable®
- The Hacker Quarterly Magazine - paritybit.ca
- Threat actors managed to control 23% of Tor Exit nodesSecurity Affairs
- 100 Days To Offload
- How hospitals can better protect themselves against data breaches - TechRepublic
- CI Security attributed this year's sharp decline to some type of combination of five different factors:
Healthcare organizations have continued to improve their cybersecurity programs.
Some healthcare organizations misunderstood the HHS exceptions issued during the pandemic, leading them to believe they had a coronavirus-related extension beyond the required 60-day window.
Healthcare organizations were simply too busy to report data breaches.
Some healthcare organizations were hopeful that cybercrime groups, which promised to "go easy" on healthcare during the pandemic, would keep their word. But a number of reports on phishing campaigns and other attacks from cybercrime gangs and nation-states show that they actually took advantage of stressed healthcare facilities during the first half of the year.
Some healthcare organizations have been so distracted by the pandemic and associated emergency operations that they have been breached but don't yet know it. This is the most ominous explanation, but seems plausible given that the average time it takes for healthcare organizations to spot a breach is 329 days, according to IBM's 2020 "Cost of a Data Breach" report.
- Maze ransomware gang leaked Canon USA's stolen filesSecurity Affairs
- Healthcare Industry Sees Respite From Attacks in ...
- SANS Data Incident 2020 Indicators of Compromise | SANS Institute
- Raspberry Pi: Projects, Tutorials, Models, Getting Started | Tom's Hardware
- 4 best practices to avoid vulnerabilities in open-source code | CSO Online
- 1. Know your software
2. Resolve dependency issues
3. Automate code scanning to find unknown unknowns
4. Beware of licensing risks
- Locating Elements by CSS Selectors with Selenium – Linux Hint
- Best YUM Command Examples For Everyone | Itsubuntu.com
- Microsoft August 2020 Patchday issues | Born's Tech and Windows World
- Amazon’s Alexa hacked, numerous vulnerabilities | Born's Tech and Windows World
- Chris's Wiki :: blog/sysadmin/BlameAndWorksOnMyLaptop
- HP-UX – /var is filling up and found /var/stm/logs/os – setaOffice
- How I Collected a Debt from an Unscrupulous Merchant · mtlynch.io
- Humidity and Temperature Monitoring – Stuff I'm Up To
- Amazon Braket – Go Hands-On with Quantum Computing | AWS News Blog
- Should I Upgrade to vSphere 7.0?
- Book 4 of the IT Architect Series announced – vcdx133.com
- Sodinokibi ransomware gang stole 1TB of data from Brown-FormanSecurity Affairs
- CheckXSS - Detect XSS vulnerability in Web Applications
- How to Conduct Wireless Recon on Bluetooth, Wi-Fi & GPS with Sparrow-wifi « Null Byte :: WonderHowTo
- Goodbye Master Bream. Thank you for everything you did | Andrea Fortuna
- Fast Bare Metal provisioning and infrastructure automation with MAAS
- Our favorite open source writing tools | Opensource.com
- Pen testing web applications with Metasploit’s “Wmap scanner” – Linux Hint
- Getting started with Ansible 10 - Tags - YouTube
- 9 reasons I upgraded from AngularJS to Angular | Opensource.com
- SQL Server: High SQLCONNECTIONPOOL Memory Clerk consumption - Blog dbi services
- Oracle Database Appliance and CPU speed - Blog dbi services
- Is Bandwidth A Precious Resource? | The Networking Nerd
- The Grep of PowerShell [Tutorial]
- Announcing the new Jupyter Book. Note: this announcement is cross-posted… | by Chris Holdgraf | Aug, 2020 | Jupyter Blog
- Boosting manufacturing efficiency and product quality with AI/ML, edge computing and Kubernetes
- Sysadmin careers: How my team distributes work over holidays, nights, and weekends | Enable Sysadmin
- "Structural pattern matching" for Python, part 1 [LWN.net]
- USB Forensics – Linux Hint
- The Linux-based PinePhone is the most interesting smartphone I've tried in years
- Keyboard cleaning 101 - Linux-natives
- Indoor air quality HAT for Raspberry Pi boasts high-res TVOC sensor
- Arduino Blog » Keep your pool under control with ARDUPOOL
- davy wybiral: DIY Solar Powered LoRa Repeater (with Arduino)
- An Average IT Org
- The encrypted homelab
- 12 fast fixes for common Android problems | Computerworld
- Portable Raspberry Pi Thermal Camera Can Read Your Temperature at a Distance | Tom's Hardware
- Building a Raspberry Pi Thermal Imaging Camera - MLX90640 guide - Everything Smart Home
- Understanding computer vision and AI, part 1
- Profiling slow-running queries in Amazon DocumentDB (with MongoDB compatibility) : idk.dev
- Making open decisions in five steps | Opensource.com
- The process involves five stages:
Early engagement
Gather diverse participants
Request feedback and encourage changes
Ask for and encourage dissent
Incorporate ideas
- 7 tips for giving and receiving better feedback | Opensource.com
- Manage KVM Virtual Machines With Virsh Program - OSTechNix
- SPDX for KF5/KF6 Status Update – cordlandwehr
- IT leaders are unhappy with their data management and data warehousing solutions
- What is (an) Intrusion Prevention System?
- How to Create a Business Plan for a Car Dealership – Business Ideas
- Improving Cyber-Oriented Education, One Cyber Clinic at a Time - Lawfare
- Setting up multi-factor authentication on Linux systems | Enable Sysadmin
- The Ancient Japanese Art of Sleeping In | Spoon & Tamago
- Gov't appeals court order to recognize 'black rain' victims - Japan Today
- Mount NFS filesystems with autofs | Enable Sysadmin
- Server Access Logging in Django using middleware - https://www.pythoncircle.com
- PSPP - News: PSPP 1.4.0 has been released [Savannah]
- Useful PuTTY Configuration Tips and Tricks
- GIMIAS: An Open-source Modular Environment for Building Medical Imaging Applications
- Basic Tips Every Dog Owner Should Know Of | Penniless Parenting
- 4 Benefits of Using Project-Based Learning in Business Studies – Business
- Writing an Ideal Business Plan: Tips for Students – Startup
- Here are the essential reasons for writing an ideal business plan:
Establishing reachable business goals
Understanding the main objectives of the company/business
Enabling others to comprehend your business policies
Maintaining focus and prioritizing your work
- How to Build the Best Environment and Technology for School at Home - TidBITS
- We crammed small, light desks into corners of different rooms in our house. This separation reduced the noise overlap from simultaneous online classes as we had to spread three “classrooms” around our home. When the weather is nicer (which means not too hot here in Phoenix), one of the desks moves to our back patio.
- India will provide ID cards that store all your medical data | Engadget
- BPATTY
- https://iapp.org/media/pdf/resource_center/skillset_needed_to_implement_nist_privacy_framework_aug_2020.pdf
- NSA releases a guide to reduce location tracking risksSecurity Affairs
- What is Identity Governance Fatigue? | ForgeRock
- What are Wildcard Certificates and SAN SSL Certs? - Keyfactor - Security Boulevard
- PCI Compliance for the utilities industry | PCI Pal
- Aligning Cybersecurity and Business: Nobody Said It Was Easy - Blog | Tenable®
- Why Accidental Convergence Requires Purposeful Industrial Security
- Cybersecurity and Back to (Virtual) School 2020: What You Need to Know | Webroot
- State of the Software Supply Chain 2020 Report | Download
- High performing developers release more often
- HVAC Design Done Right - Manual J, S, T, & D
- Windows 10 has a dangerous print spooler bug, and there is no fix
- CVE-2020-1337
"An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.
The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system."
- IT execs prepare for continued disruption
- 94 percent of businesses hit by cyberattacks in the last year
- Disk.DiskMaxIOSize and the Blue Screen of Death – Cody Hosterman
- Arguably, both. First off any time you need to change something on ESXi to get it to work with Pure I see that as a “solutions” bug. My team needs to do something to fix it. Either make the Pure platform better, or work with VMware to improve/change their product. One route we chased was improving the FlashArray–we do have the ability to support larger I/O sizes, but currently that is in directed availability (you need to ask us to enable it).
- An IT story of getting out of burn-out and depression -
- Encryption – CISSP Domain 3 – Professionally Evil Insights
- The Risks Associated with OSS and How to Mitigate Them - Security Boulevard
- Non-Persistent VMs with a Persistent User Experience - Make Your IT Admin’s Life Easier - Hysolate
- Video: Managing Digital Certificates in DevOps - Keyfactor - Security Boulevard
- Summit Medical Associates Discloses Ransomware Attack; Patient and Affiliate Information Potentially Impacted - Security Boulevard
- “Summit’s investigation determined there was potential unauthorized access to its server between January 24, 2020 and June 5, 2020,” the company added. “Summit then worked to identify its patients whose personal information may have been accessible to the unauthorized actor. That process concluded July 28, 2020.”
- 12 Hot Takes on How Red Teaming Takes Pen Testing to the Next Level - Security Boulevard
- Sectigo and ReFirm Labs Partner to Help Device Manufacturers Uncover IoT Firmware Vulnerabilities and Achieve Compliance - Security Boulevard
- 4 best practices for managing and tracking SSL and TLS certificates | CSO Online
- Penetration Testing on PostgreSQL (5432)
- How to Fix Unreliable USB Hard Drives, Stalled Transfers in Linux
- echo options usb-storage quirks=0bc2:2312:u | sudo tee /etc/modprobe.d/blacklist_uas_0bc2.conf
sudo update-initramfs -u
- Exposing PXE Media as a local Yum Repo | Adam Young’s Web Log
- Netwalker Ransomware Explained: What You Need to Know
- Netenum - A Tool To Passively Discover Active Hosts On A Network
- Internet Explorer and Windows zero-day exploits used in Operation PowerFall | Securelist
- Failure to Wipe Client Data Leads to Lawsuits against Morgan Stanley | SENSEI ENTERPRISES, INC.
- This Is What ‘Fiscal Dominance’ Looks Like – The Felder Report
- A Princess Is Making Google Forget Her Drunken Rant About Killing Muslims
- 5 Critical Steps to Add CMMC Certification to Your ISO 27001 ISMS | Pivot Point Security
- Cutting IT/InfoSec Costs with Fractional Resourcing | Pivot Point Security
- How to read Lynis reports to improve Linux security | Opensource.com
- SANS Institute
- TeamViewer: Patch closes vulnerability CVE-2020-13699 on PC | Born's Tech and Windows World
- Still Working From Home? Here Are 5 Ideas to Help You Thrive
- ORACLE-BASE - Online Statistics Gathering for Bulk Loads in Oracle Database 12c Release 1 (12.1)
- Defend Forward and Cyber Countermeasures - Lawfare
- Facebook open-sources a static analyzer for Python code - Help Net Security
- Adding a fiber link to my home network
- Zero Downtime Migration – Migrate Your Database – Databases Are Fun
- Zero Downtime Migration – Install And Configure ZDM – Databases Are Fun
- Zero Downtime Migration – Preparations – Databases Are Fun
- Zero Downtime Migration – Databases Are Fun
- Upgrading in the cloud – VM DB Systems – Databases Are Fun
- Canon Admits Ransomware Attack in Employee Note, Report | Threatpost
- The fastest USB storage options for Raspberry Pi | Jeff Geerling
- 7 System Monitoring Tools for Linux That are Better Than Top
- よ and ね: What Do These Particles Really Mean to Japanese Speakers?
- Install latest version apache on ubuntu from source
- RetroArch 1.9 Released with Many Goodies for Retro Linux Gamers - 9to5Linux
- Cyber Career Pathways Tool | CISA
- DEFCON 2020 Live Notes
- Incident Response Analyst Report of 2019 | Securelist
- Live From Black Hat USA 2020 – Day 2 – RBS
- Cyber Career Pathways Tool | National Initiative for Cybersecurity Careers and Studies
- The Real Security Innovation Gap - Lawfare
- How to Run Any Linux Distribution Directly from Hard Disk in Ubuntu Using Grub Menu
- The THRIVE Guidelines | Techrights
- “To Help Realise Ideal Volunteer Efforts” (THRIVE).
- How to install KVM on Ubuntu 20.04 LTS Headless Server - nixCraft
- Photoflare: An Open Source Image Editor for Simple Editing Needs - It's FOSS
- BIOS Update Dell Latitude E6440 on Linux – CubicleNate's Techpad
- Book club: Testing Firefox more efficiently with machine learning by Mozilla
- The danger of world writable NFS shares | by Security Shenanigans | Aug, 2020 | Medium
- Live From Black Hat: Stress-Testing Democracy - Election Integrity During a Global Pandemic with Matt Blaze - Security Boulevard
- Avamar Basics – Recovering a Virtual Machine as a new Guest | Data Protection: Avamar, NetWorker, Data Domain, RecoverPoint, PowerProtect, CSM
- Code compiler pioneer Frances Allen dies at 88 | Engadget
- Why Remote Working Is the Future of the IT Industry – Online Businesses
- Podcast-Ep-2.1- ML, Automation & ShiftLeft at CapitalOne — A conversation with Vincent Weafer | by Alok Shukla | Aug, 2020 | ShiftLeft Blog
- Will ISO 27701 Certification Make Your Business GDPR and CCPA Compliant? | Pivot Point Security
- Smart Lock Vulnerability - Schneier on Security
- Scoping web application and web service penetration tests
- Cloud Security Challenges in the Next Phase of WFH - Security Boulevard
- Spying on satellite internet comms with a $300 listening stationSecurity Affairs
- IRFuzz - Simple Scanner with Yara Rule
- Taowu - A CobaltStrike Toolkit
- What You Need to Know About Salesforce’s Recycle Bin - Security Boulevard
- Scanning a SOAP Web Service for Vulnerabilities | Acunetix
- How to Find Additional Hidden Vulnerabilities During DAST Testing
- Vulnerabilities in Active Directory: The CISO’s Achilles Heel - Semperis
- Hackers can abuse Microsoft Teams updater to deliver malicious payloadsSecurity Affairs
- What a Security Engineer & Software Engineer ...
- Data Security in the SaaS Age: Quick Wins - Security Boulevard
- Ransomware and Increased Attacks against Healthcare ~ Cyber Thoughts
- How can GPUs help Solve Woes when Tableau Slows, keep Researchers from being Foes, or turn anyone into Work from Home Pros? | JK-47
- Garmin Reportedly Paid a Ransom - HealthcareInfoSecurity
- A Career in Cybersecurity ~ Cyber Thoughts
- In the following 90 minute video, I outline:
What is cybersecurity and why is it front and center as we adopt increasing levels of automation?
Who are the main perpetrators of cyber attacks and what are their motivations?
Why is cybersecurity so important today?
What are the security frameworks being used to secure organizations?
Why you should consider a career in cybersecurity
What are those opportunities?
How to develop a cybersecurity career strategy
What security certifications and qualifications should you consider?
- HealthScare: Prioritizing Medical AppSec Research
- A Most Personal Threat: Implantable Medical Devices
- Avoid Alert Fatigue: Web Application Firewall Installation, Configuration and Best Practices | Imperva
- A Paramedic's Guide to Cybersecurity: Video
- How An Electronic Medical Record System Flaw ...
- Netwalker ransomware operators have stolen data from Forsee PowerSecurity Affairs
- Web Application Security - A Complete Guide. Learn everything you need to know!
- Windows Server 2012 R2: WSUS issues since July 1, 2020 | Born's Tech and Windows World
- How to Disable IPv6 on Ubuntu - Low End Box
- Congress Will Consider National Right-to-Repair Legislation for Medical Equipment
- Surprising Economics of Load-Balanced Systems - Marc's Blog
- Top 5 Cybersecurity Threats 2020: What ranks alongside ransomware and office suite account hijacking
- Raspbian & Realtek 8192eu Wifi – Revisited – Stuff I'm Up To
- Show-me Webcam: Building an open-source and high-quality webcam with a Raspberry Pi 0 W – Huan Truong's Pensieve
- Most Organizations Need Increased IT Infrastructure Budget to Navigate Pandemic | APMdigest - Application Performance Management
- A Look at Use Cases and Cost Justification for Utilizing CIS Controls
- Apply the Mozilla Firefox STIG to Firefox on Ubuntu Linux 18.04 | slice2
- My top 10 terminal shortcuts for Linux | Enable Sysadmin
- Microsoft Azure for Free?
- bash Environmental Variables Override
- Live from Black Hat: Practical Defenses Against Adversarial Machine Learning with Ariel Herbert-Voss | Veracode Blog
- Researchers Create New Framework to Evaluate User ...
- Ripple20: More Vulnerable Devices Identified
- SANS Cloud Security Curriculum | SANS
- Canon USA Websites Offline Following Cyber Incident
- Cyber Security Roundup for August 2020 - Security Boulevard
- NBlog - the NoticeBored/SecAware blog: NBlog Aug 7 - what is operational resilience
- Exploring the Forgotten Roots of 'Cyber' - HealthcareInfoSecurity
- "What does 'cyber' even mean? And where does it come from?" writes Thomas Rid in "Rise of the Machines," his book-length quest to unravel cyber's origin story.
- Chalumeau - Automated, Extendable And Customizable Credential Dumping Tool
- Watch: Epic Uses Immunocompromised VP to Convince Workers the Office Is Safe
- Live from Black Hat: Breaking Brains, Solving Problems with Matt Wixey - Security Boulevard
- Richard Stallman: A Discussion on Freedom, Privacy & Cryptocurrencies
- Patient Access to Health Data: Balancing Security and Usability
- "We have to encourage the people who are downloading their health information to do their due diligence to make sure where they're downloading it, saving it and securing it stays safe," he says in a video interview with Information Security Media Group. "It goes back to the ... security that's built into the development cycle - not every app is coded the same way ... and not every app deals with encryption of the data the same way."
- Forensic Investigation: Windows Registry Analysis
- BEC Campaigns Target Financial Execs via Office 365 ...
- Capital One fined $80 million over 2019 data breach | Engadget
- The bank didn’t create an “effective” risk assessment system before moving key IT systems to the public cloud, the OCC said, and didn’t address the flaws in a “timely manner.”
- Windows Incident Response: Toolmarks and Intrusion Intelligence
- Remotely hack Mercedes-Benz E-Class is possible, experts demonstratedSecurity Affairs
- World domination with cgroups part 8: down and dirty with cgroup v2
- What Are Python Wheels and Why Should You Care? – Real Python
- Learning NFS through server and client configuration | Enable Sysadmin
- Arduino Blog » Arduino X-ray imaging phantom simulates lung movement
- An Introduction to ZFS A Place to Start | ServeTheHome
- Upgrading to vCenter 7.0 via CLI – The Wifi-Cable
- Parsing Log Files using PowerShell – Virtually Sober
- Speeding up PowerShell Arrays – Virtually Sober
- Using Terraform to Provision your Pure Storage Infrastructure | davidstamen
- Don’t let legacy workloads limit modernization – Virtually Sober
- How to update PowerShell scripts using PowerShell – Virtually Sober
- Azure Credentials for Ansible – Made For Cloud
- Download Pictures by Amateur Radio from the International Space Station - SpaceRef
- How To Find Your GPS Coordinates on an Android Device
- Setting Up Amavis and ClamAV on Ubuntu Mail Server - LinuxBabe
- Easy Potatoes in Foil - Damn Delicious
- Centos 8 – where did Lynx go ? – Made For Cloud
- dnf config-manager --set-enabled PowerTools
- Ansible, more than just SSH – Made For Cloud
- How to Install Security Updates in Ubuntu
- Pysa: An Open-Source Tool To Detect & Fix Security Issues In Python Code
- Choosing between Ansible's copy and template modules | Enable Sysadmin
- Understanding Web Security Checks in Firefox (Part 2) – Attack & Defense
- How to Install Mumble and Murmur Voice Chat on Debian 10
- The New Humanitarian | Limited disclosure after major ransomware hack
- NSA releases Cybersecurity Advisory on GRUB2 BootHole Vulnerability > National Security Agency Central Security Service > Press Room
- Add a repo and install a package the Ansible way | Enable Sysadmin
- Growing fresh veggies with Rpi and Mender | Mender
- Flash ISOs to Multiple USB Sticks on Linux with Popsicle - OMG! Ubuntu!
- GitHub - aristocratos/bashtop: Linux/OSX/FreeBSD resource monitor
- Install Mellanox MFT | panticz.de
- Traditional IRA vs. Roth IRA - The Best Choice for Early Retirement
- NVMe ZNS Makes It Into Linux 5.9 Along With MD RAID Fixes - Phoronix
- Zoned Namespaces (ZNS)
- 5 reasons to run Kubernetes on your Raspberry Pi homelab | Opensource.com
- An Overview of The BootHole Vulnerability | Avast
- Researchers Make More Discoveries Around L1TF/Foreshadow - It's Not Good - Phoronix
- Total cost of ownership: The hidden part of the iceberg – Build Smart. Build Secure. IBM Developer
- Kubernetes is the future: But what does this future look like?
- Is There Room for Linux Workstations at Your Organization?
- A deep dive into Keycloak - Red Hat Developer
- Healthcare industry proof of concept successfully uses SPDX as a software bill of materials format for medical devices - The Linux Foundation
- N O D E
- 11 Best Free Test Automation Tools - LinuxLinks
- Selenium Portable framework for testing web applications
Appium Open source automation tool
Robot Framework Python-based, extensible keyword-driven automation framework
Cucumber Tool for running automated tests written in plain language
Gauge Lightweight cross-platform test automation tool which uses Markdown
Dojo Toolkit JavaScript toolkit that scales with your development process
Galen Tool for testing layout and responsive design of web applications
Katalon Studio All-in-one test automation solution
Watir Web application testing in Ruby
Serenity Test automation reporting library (previously known as Thucydides)
Carina Java-based test automation framework that unites all testing layers
- Android Mirroring App 'Scrcpy' Improves Shortcuts, Clipboard Support - OMG! Ubuntu!
- TLS gets a boost from Arduino for IoT devices [LWN.net]
- Install and Use collectl Performance Monitoring Tool on Ubuntu 20.04
- How To Install Plex Media Server on Ubuntu 20.04 LTS - idroot
- Shellshock In-Depth: Why This Old Vulnerability Won't Go Away
- My new favorite utility: autojump | Christian Kastner
- 40 percent of world's Android phones at risk of hacking due to Qualcomm vulnerability | 91mobiles.com
- How to Install SOPlanning on Debian 9 | LinuxHostSupport
- GSoC 2020 Second Evaluation Report: Curses Library Automated Testing
- Mycroft: an open-source voice assistant [LWN.net]
- Tips for Teaching Yourself Kubernetes
- Run a Hospital on a Raspberry Pi with GNU Health
- Open source tool Infection Monkey allows security pros to test their network like never before - Help Net Security
- ATX PC - DON' T THROW THAT AWAY!!! here is a BIG idea - YouTube
- PE Tree: Free open source tool for reverse-engineering PE files - Help Net Security
- How To Rescue Virtual Machines With Virt-rescue - OSTechNix
- 20GB of Intel internal documents were leaked online | Engadget
- How to Install Socioboard on Ubuntu 20.04 - Social Media Lead Generation Toolkit - LinuxBabe
- How to Automatically Build and Configure Custom Docker Images with Dockerfile - Part 3
- How to Install, Run and Delete Applications Inside Docker Containers - Part 2
- Install Docker and Learn Basic Container Manipulation in CentOS and RHEL 8/7 - Part 1
- From zero to hero - Bootstrap with Ansible - DEV
- Bootstrap with Ansible, part 3 | thbe.org
- Bootstrap with Ansible, part 2 | thbe.org
- Bootstrap with Ansible, part 1 | thbe.org
- ESXi 6+ PXE Boot from Centos 8 – Nope? – Made For Cloud
- I was able to install syslinux 4.05 on Centos 8 and lo and behold the build process works. Clearly something in syslinux 6 doesn’t like PXE booting ESXi. I’m not sure what yet, but hopefully this blog post at least gives people a workaround to a frustrating problem.
- Scientists rename genes because Microsoft Excel reads them as dates | Engadget
- The Growing Threat of DDoS Amplification Attacks – Technology
- https://people.debian.org/~andi/Taiwan2018.pdf
- Ansible proxmox_kvm gettting MAC address for PXE | Proxmox Support Forum
- USB vs PXE installer — DebConf Videoteam Ansible documentation
- Deploy virtual machines in Vmware Vsphere with Ansible and Cobbler PXE server – jamalshahverdiev
- Vegetarian Delight: Eggplant On Braised Chickpeas | Fresh Tastes Blog | PBS Food
- GitHub - cerberustesting/cerberus-source: User-friendly automated testing framework.
- GitHub - cerberustesting/cerberus-source: User-friendly automated testing framework.
- An open source solution for continuous testing at scale | Opensource.com
- Using the HOSTS file to block Windows 10 telemetry? Microsoft now flags it as a severe security risk
- Ideas for high impact careers beyond our priority paths - 80,000 Hours
- The NSA tells military personnel to avoid using location services | Engadget
- How to Install Ansible and Automate Your Ubuntu Server Setup - SpinupWP
- {Hardware} bootstrapping with Ansible | Opensource.com - Arwebhosting Blog
- Homemade Hummus That's So Easy To Snack On | Fresh Tastes Blog | PBS Food
- Kick Off Fall with Pumpkin Mac n' Cheese | Fresh Tastes Blog | PBS Food
- Grill Pizza for Extra Flavor | Fresh Tastes Blog | PBS Food
- Pizza Rolls with Broccoli Rabe and Sausage or Ricotta and Leeks Recipe | PBS Food
- Show and Tell: Ansible VMware deployment of Linux server from PXE : ansible
- Ansible: Deploy VMs With PXE and Kickstart • Nathan Curry
- Autumn Apple Olive Oil Cake Great for Snacking | Fresh Tastes | PBS Food
- round of parchment
- Make French Onion and Mushroom Pasta Bake | Fresh Tastes | PBS Food
- Healthy Bok Choy Mushroom Stir Fry | Fresh Tastes Blog | PBS Food
- Make-Ahead Chicken Meatballs | Fresh Tastes Blog | PBS Food
- The Power of Routines | Parenting Tips & Advice | PBS KIDS for Parents
- Apricot Granola Bars recipe | Fresh Tastes Blog | PBS Food
- GandCrab ransomware hacker arrested in Belarus – Naked Security
- How to Accurately and Continuously Identify and Remediate OSS Library Risks - Security Boulevard
- Shiny New Linux Kernel 5.8 Comes With Highest Number Of Commits
- New Open Source Security Foundation wants to improve open source software security - Help Net Security
- How poor security practices from remote employees are wasting the time of IT staff - TechRepublic
- The company scofflaws who don't follow IT policy, according to the report, are:
Sprinters: More than two times more likely to cite convenience as more important than company security. Almost half believe that adhering to "strict password requirements" isn't worth the effort and time.
Skeptical of IT capabilities: Those who break IT policies are 50% more likely to claim that it's unrealistic for businesses to oversee all devices and apps used by employees. They also allege that the IT department "is more of a hindrance than a help."
Millennials and Gen Z: Compared with colleagues ages 56 and older, 18- to 39-year-olds are three times more likely to admit they do not always follow IT policies.
IT staff admissions:
25% said they don't enforce security policies universally
4% forgo all policy enforcement because they don't want to deal with the common and frequent concern of productivity vs. managing policies
38% do not strictly enforce security policies because the "organization's method for monitoring is not robust"
29% agreed "it's just too hard and time consuming to track and enforce"
28% said "our employees get more done if we just let them manage their own software"
33% said strict password requirements at work aren't worth the hassle
How IT staff feel about EPMs:
89% of IT departments said a password manager has measurable impact on security
57% who use EPMs report it's a time-saver
45% said it reduces the time they spend on the mundane
37% said it enhances productivity
26% said it reduces breaches and attacks
26% claim it creates happier employees
- Computer mouse co-inventor William English dies at 91 | Engadget
- How to Easily Save Every Images On A Web Page In Firefox
- Journey of a Linux DevOps engineer | Enable Sysadmin
- "The advantage of a bad memory is that one enjoys several times the same good things for the first time."
Friedrich Nietzsche
- Protect Apache Against Brute Force or DDoS Attacks Using Mod_Security and Mod_evasive Modules
- Mod_Security
Mod_evasive
- How to Install and Use Linux Malware Detect (LMD) with ClamAV as Antivirus Engine
- Linux Malware Detect (LMD)
- AdminLTE - Jinja2 Template | Codementor
- Security-Oriented Kodachi Linux 7.2 Released with One of the Best Secure Messengers - 9to5Linux
- Network Admin Stuff: BGP Network Statement
- The Problem With Oracle : If a developer/user can't do it, it doesn't exist. | The ORACLE-BASE Blog
- simply put: mysql has a superior developer experience. postgres has a superior DBA experience. DBA is not really a job anymore, so I pick the developer experience every time.
- What’s New in Azure Active Directory in July 2020 - The things that are better left unspoken
- Considering Hyperconverge Infrastructure (HCI) for your Datacenter? — ThinkCharles.net
- Maze Ransomware operators published data from LG and XeroxSecurity Affairs
- 9 container security tools, and why you need them | CSO Online
- "Tools for securing containers and their platforms not only enable you to improve the security posture of your containers but integrate security more tightly into the entire container lifecycle, from development to runtime."
Alert Logic Managed Detection and Response (MDR)
Anchore Enterprise
Aqua Security
Deepfence
NeuVector
Palo Alto Networks Prisma Cloud
Qualys Container Security
StackRox Kubernetes Security Platform
Sysdig Secure
- VMware Carbon Black Threat Report finds hackers using more aggressive and destructive tactics - TechRepublic
- Sharpening Your Defenses With MITRE ATT&CK’s New Sub-Techniques
- The Future of Work: WFH Changing Cybersecurity - Security Boulevard
- NetWalker ransomware operators have made $25M since March 2020Security Affairs
- Top 7 Security Hardening Tips for CentOS 8 / RHEL 8 Server
- 1) Set up a firewall
2) Disable unused / undesirable services
3) Secure critical files
4) Secure SSH protocol
5 ) Define a limit for password attempts
6) Set up an intrusion prevention system (IPS)
7) Regularly update your server
- Practice parsing text in NLP with Python | Opensource.com
- EU Issues First-Ever Sanctions for Cyberattacks
- Linux Kernel 5.8 "Biggest Release of All Time" Released!
- Apache Struts research, Part 3: Exploitation | Synopsys
- Turn off Monitor using CLI – CubicleNate's Techpad
- Cnitch - Container Snitch Checks Running Processes Under The Docker Engine And Alerts If Any Are Found To Be Running As Root
- Prototyping, configurations, labs - The ForwardingPlane
- Oracle AutoUpgrade between two servers
- Report Finds Cloud Security Concerns Warranted - Security Boulevard
- More than 80% of organizations have at least one neglected, internet-facing workload that is either running on an unsupported operating system or has remained unpatched for more than 180 days.
- Video : Multitenant : Running Scripts Against Multiple Pluggable Databases Using catcon.pl | The ORACLE-BASE Blog
- pluggable databases (PDBs)
in a container database (CDB).
- Linux-Fu: Help Messages For Shell Scripts And Here Documents | Hackaday
- Keynote - Dr Kevin Jones - Cyber Security in the modern distributed enterprise: protecting Airbus - YouTube
- Vulnerability Management In A Fujiwhara Effect – RBS
- MIT AI system knows when to make a medical diagnosis or defer to an expert | Engadget
- Elastic Achieves FedRAMP Authorization | APMdigest - Application Performance Management
- List of data breaches and cyber attacks in July 2020 – 77 million records breached - IT Governance UK Blog
- Patch Priority Index for July 2020 - The State of Security
- PCI compliance: 4 steps to properly scope a PCI assessment | CSO Online
- Start with a self-assessment to determine requirements
Know where card data goes
Limit risks to reduce scope
Build a year-round PCI program
- PowerCLI: Get All Snapshot Information | PeteNetLive
- Get-Snapshot * | Select-Object -Property VM, Name, SizeGB, Children | Sort-Object -Property sizeGB -Descending | ft -AutoSize
- Garmin reportedly paid millions to resolve its recent ransomware attack | Engadget
- Control Android Devices From A Desktop With scrcpy (Ubuntu, Fedora, Debian, Linux Mint Installation) - Linux Uprising Blog
- What is the Cybersecurity Maturity Model Certification?
- How to Clone or Backup Linux Disk Using Clonezilla
- Business as Unusual? Eighteen Observations on eDiscovery Business Confidence in the Summer of 2020
- ZFS quick command reference with examples - UnixArena
- Five Strategies for Building Relationships Remotely - Lighthouse
- The End of Life Hacking
- Flexibility and transparency: The keys to good remote leadership
- Why making mistakes makes me a better sysadmin | Opensource.com
- Why Feedback Rarely Does What It’s Meant To
- How I Learned to Stop Worrying and Love RAIDZ | Delphix
- Microsoft told employees to work from home. One consequence was brutal | ZDNet
- FBI issued a flash alert about Netwalker ransomware attacksSecurity Affairs
- Below the recommended mitigations provided by the FBI:
Back-up critical data offline.
Ensure copies of critical data are in the cloud or on an external hard drive or storage device.
Secure your back-ups and ensure data is not accessible for modification or deletion from the system where the data resides.
Install and regularly update anti-virus or anti-malware software on all hosts.
Only use secure networks and avoid using public Wi-Fi networks.
Consider installing and using a VPN.
Use two-factor authentication with strong passwords.
Keep computers, devices, and applications patched and up-to-date.
- Java ternary operator – Linux Hint
- RAID and RAIDZ
- USENIX Enigma 2020 - Reservist Model: Distributed Approach to Scaling Incident Response - YouTube
- Linux's exFAT File-System Driver Can Now "FSCK" As Fast As Windows - Phoronix
- Java Constructor Tutorial – Linux Hint
- Quickly Build Virtual Machine Images With Virt-builder - OSTechNix
- YOU... SHA-1 NOT PASS! Microsoft magics away demonic hash algorithm from Windows updates, apps • The Register
- Microsoft Patch Tuesday July 2020: my new open source project Vulristics, DNS SIGRed, RDP Client and SharePoint | Alexander V. Leonov
- A Homebrew Radio, As All The Best Homebrew Radios Should Be | Hackaday
- The ultimate guide on Virtual Hosts: how to host multiple apps on one server – Marksei
- 8 tips for running a virtual hackathon | Opensource.com
- HTTP/3 logo | daniel.haxx.se
- Protect Your VPS With an Electronic Pitbull: Active Firewalls - Low End Box
- How Laughing Could Help Your Career
- Beautiful, Secure, Privacy-Respecting Laptops & Phones – Purism
- For Parents, Coronavirus Child Care Options Come With Trade-Offs : NPR
- Option 1: Step back from the workforce
Option 2: In-home day cares
Option 3: "Pandemic pod"
- Opinion: 75 Years On, Remember Hiroshima And Nagasaki. But Remember Toyama Too : NPR
- PHOTOS: India's Ancient Root Bridges Hold Lessons For The Modern World : Goats and Soda : NPR
- jing kieng jri
- How to Manage the Huge WinSxS Folder in Windows 10
- How to Fix Common Microsoft Outlook Issues: 7 Tips to Try
- Vintage Computer Federation – VCF — A user group for computer history hobbyists
- VPR Podcast Directory
- Cloudsplaining - An AWS IAM Security Assessment Tool That Identifies Violations Of Least Privilege And Generates A Risk-Prioritized Report
- Cloudsplaining
- Four individuals charged for the recent Twitter HackSecurity Affairs
- New Win7 Extended Security Updates licensing package @ AskWoody
- Let's hear it for sys admins -- IT satisfaction soars during remote working
- It finds that 88 percent of respondents are satisfied with their IT team's performance and 86 percent say they're confident they understand IT's role. Considering that over the last few months many IT professionals have faced some of the most difficult challenges in their careers, employees' high satisfaction with their performance is a major indication of their success.
- Weasley Clock - Google Photos
- ZFS Capacity Calculator - WintelGuy.com
- 5-disk ZFS; RAIDZ1 or RAIDZ3? | iXsystems Community
- ZFS Raidz Performance, Capacity and Integrity Comparison @ Calomel.org
- 5x 4TB, raidz1 (raid5), 15.0 TB, w=469MB/s , rw=79MB/s , r=598MB/s
5x 4TB, raidz3 (raid7), 7.5 TB, w=116MB/s , rw=45MB/s , r=493MB/s
- The 'hidden' cost of using ZFS for your home NAS
- Anatomy of a Linux Pluggable Authentication Modules (PAM) configuration file | Enable Sysadmin
- Travel company CWT avoids ransomware derailment by paying $4.5m blackmail demand – Naked Security
- NBlog - the NoticeBored blog: NBlog July 29 - boost your ISO27k ISMS with SecAware Take-off
- What’s the Cost of ISO 27701 Certification? | Pivot Point Security
- CMMC and ISO 27001 Audit Requirements Compared | Pivot Point Security
- SEC510: Multicloud Security Assessment and Defense | SANS | Cloud Security
- Updates provided by Red Hat for BootHole cause systems to hangSecurity Affairs
- North-Korea hackers targeted US defense and aerospace companiesSecurity Affairs
- Hunting 0-days in Cisco Data Center Network Manager (DCNM) with ShiftLeft Ocular | by Suchakra Sharma | Jul, 2020 | ShiftLeft Blog
- How to set up passwordless SSH authentication for Ubuntu Server - TechRepublic
- How to find and fix vulnerable default credentials on your network - TechRepublic
- How to Build the Most Effective Information Security Framework
- The Fuzzing Files: The Anatomy of a Heartbleed
- Twitter hack of July 2020: First arrests | Born's Tech and Windows World
- That Time When I Learned My First Lesson for a SysAdm. | The Doom'd Net
- BootHole issue allows installing a stealthy and persistent malwareSecurity Affairs
- 7 Best Practices for Securely Enabling Remote Work - Security Boulevard
- Ditching Spreadsheets for Certificate Lifecycle Automation | Keyfactor - Security Boulevard
- Bring in the A-Team
If you’re responsible for running PKI in the organization, you typically don’t control or manage the certificates issued from it – your system and network admins do. But the teams that cause you the most pain can be your biggest asset here. Figure how they’re getting certificates (from an authorized CA or elsewhere) and how much time it takes them to provision, install and renew those certificates on their devices and applications.
Map it out & identify your gaps
Take what you’ve learned and map it out. Nothing is more powerful than a whiteboard session with your A-Team. Take time to map out your CA infrastructure, applications, and certificate request, issuance and renewal workflows. Once you get the process out of your head and onto a whiteboard, you’ll be able to quickly identify gaps and inefficiencies.
Define your project requirements
Now that you’ve identified the problem, it’s time to outline your success criteria, core capabilities of an ideal solution, and how that can be accomplished using existing in-house resources vs a new product. Don’t limit your requirements to a single use case (we see this far too often with PKI teams). Think about all of your certificate needs now and into the future.
Know what you’re up against
According to Gartner analysts, “Security and risk management leaders are often unaware of the scope or status of their X.509 certificate deployments.”* These unknowns leave you unequipped to do your job. Even if you haven’t experienced a SEV1 outage, you need to clearly communicate the risks and operational costs of outages or certificate vulnerabilities in your network.
Nail the ROI
Don’t let budget be a blocker. Define the cost of buying a solution vs delaying the project. If you invest in certificate lifecycle automation today, how much will it save over the next five years? How much productivity is lost by delaying to next year? If you’re trying to break free from hours of manual work spent on managing certificates, this is the key to your success.
- Bash Tips and Tricks – Professionally Evil Insights
- Why is Dynamic Analysis an Important Part of You AppSec Mix? - Security Boulevard
- Announcing Veracode Security Labs Community Edition - Security Boulevard
- Dynamic Application Security Testing: DAST Basics - Security Boulevard
- Dynamic Application Security Testing: DAST
- Securing Medical and Hospital Devices on GE Healthcare’s CARESCAPE Network - Security Boulevard
- Cyberattacks on Applications Grow Exponentially, Pose Serious Risk - Security Boulevard
- 4 FAQs to help master KVM management
- VPXD crashes because of high memory. | Techbrainblog
- Penetration Testing Lab Setup:MS-SQL
- Secure DNS and DNSSEC – Threat Intelligence in a Drifting E-Threat Landscape
- Privileged Account Management 101: How Can Privileged Accounts Compromise Your Security
- IBM report: Average cost of health care data breach is $7.1M
- data breach costs health care organizations $7.13 million on average, an increase of 10% over last year,
and the study found customers’ personally identifiable information was exposed in 80% of incidents.
- USENIX Enigma 2020 - Internet Infrastructure Security: ... - YouTube
- Penetration Testing is Red Teaming – Jordan Potti – Security Things
- So what is the difference?
Penetration Testing typically has the goal: Find all the vulnerabilities in this subnet, web app, host, network, .
Red Teaming has the goal: Emulate an adversary with as much realism as possible.
Penetration Testing usually has a narrow scope; set of IP’s etc.
Red Teaming usually has a massive scope; phishing, entire external perimeter, physical etc.
I see penetration testing as an audit function, validating controls, testing for common vulnerabilities, etc.
I see red teaming as a holistic organization security meter; testing the blue team, user security awareness as well as determining that path of least resistance to total organization compromise.
- Elk + Osquery + Kolide Fleet = Love – Jordan Potti – Security Things
- Automating the detection of Mimikatz with ELK – Jordan Potti – Security Things
- Using ElastAlert to Help Automate Threat Hunting – Jordan Potti – Security Things
- Honey Accounts – Jordan Potti – Security Things
- HTTP Security Headers – Jordan Potti – Security Things
- Kubei - A Flexible Kubernetes Runtime Scanner
- dazzleUP - A Tool That Detects The Privilege Escalation Vulnerabilities Caused By Misconfigurations And Missing Updates In The Windows OS
- Phishing with SAML and SSO Providers – Jordan Potti – Security Things
- Breaking trust: Shades of crisis across an insecure software supply chain - Atlantic Council
- Byzantine Generals And Building a More Trusted and Resilient World | by Prof Bill Buchanan OBE | ASecuritySite: When Bob Met Alice | Jun, 2020 | Medium
- Penetration Testing is Red Teaming – Jordan Potti – Security Things
- Is Your Chip Card Secure? Much Depends on Where You Bank — Krebs on Security
- Chris's Wiki :: blog/linux/ZFSOurSparesSystemV
- Docker on Proxmox | It's full of stars!
- Happy Birthday, Windows 10! - The things that are better left unspoken
- History to Timesheets – Stuff I'm Up To
- Chris's Wiki :: blog/sysadmin/IPMISharedInterfaceProblem
- Sandworm details the group behind the worst cyberattacks in history - The Verge
- July 31, 2020: Celebrate "System Administrator Appreciation Day" Today
- This 24 hour celebration is an honest way to feel proud of a person who:
Analyze potential issues and logs.
Keep himself/herself updated with new technologies and integrate it into data center.
Performs routine audit of software and System.
Updates System.
Apply patches.
Configure System and Software.
Add and Configure new hardware and software.
One person whom you trust for security, project documentation.
Troubleshoot and Performance System Tuning.
Creates, Manage and Maintains Network Infrastructure.
- https://insidecybersecurity.com/sites/insidecybersecurity.com/files/documents/2020/jul/cs2020_0217.pdf
- APT trends report Q2 2020 | Securelist
- Joby Gorillapod Rig is a do-it-all home for your DSLR camera - 9to5Toys
- Chris's Wiki :: blog/sysadmin/IPMIPortIsolatedNetwork
- BootHole vulnerability in GRUB2 puts Linux and also Windows Secure Boot at risk | Born's Tech and Windows World
- 10 cheat sheets for Linux sysadmins | Opensource.com
- HPC on Azure: Benefits and Best Practices – Notes from MWhite
- Using Qemu in 2020 | Fun with virtualization
- Homelab – 2012 to 2019 AD upgrade | Patrick Kremer
- Tomcat vs. JBoss: Compare features of these Java app servers
- Getting started with Ansible 06 - Writing our first Playbook - YouTube
- Getting started with Ansible 05 - Running elevated ad-hoc Commands - YouTube
- Getting started with Ansible 04 - Running ad-hoc Commands - YouTube
- Getting started with Ansible 03 - Setting up the Git Repository - YouTube
- Getting started with Ansible 02 - SSH Overview & Setup - YouTube
- Getting started with Ansible 01 - Introduction - YouTube
- Meet Karmbian, an ARM Linux Distro for Ethical Hackers Based on Kali Linux and Armbian - 9to5Linux
- Linux runs on 500 of the top 500 supercomputers | Network World
- https://www.issa.org/wp-content/uploads/2020/07/ESG-ISSA-Research-Report-Cybersecurity-Professionals-Jul-2020.pdf
- Hacking Summer Camp: Memory Analysis Guide, Part 1 | CQURE Academy
- Bouncing Back from the Pandemic A Step-By-Step Guide for MSPs | Webroot
- Set-up a virtual ‘discovery’ meeting to discuss with them what their situation really is? This should be a (perhaps painfully) honest conversation about the state of the business and what obstacles stand on the way of then getting back to “business as usual.”
Devise an agenda based on the services you provide today and the associated costs. Based on the client’s challenges (or strengths) what is affordable what can maybe be minimized? Has the business direction changed at all? Many SMBs may be looking to pivot considering COVID-19.
Aim to be flexible (while remaining profitable) and willing to accommodate the period between their business restarting and establishing a new normal. Ask yourself if taking a slight hit in monthly income or margins is an acceptable sacrifice to make in order to help keep a potentially long-term client afloat?
Next, work with a client to draw up a joint “Recovery Plan” with a timeline for scaling back up the workload and how you can specifically assist with their recovery. This may involve stressing the costliness of a data breach, downtime, and other ways your services help the clients bottom line suffering.
Finally, schedule regular client account reviews (hopefully, you already have some version of these in place) to monitor technology-related pain points and assist with addressing them as reasonably as possible.
- Doki, an undetectable Linux backdoor targets Docker ServersSecurity Affairs
- Ten Cybersecurity Lessons Learned About Working From Home | SENSEI ENTERPRISES, INC.
- 1. Home networks are 3.5 times more likely to have at least one family of malware than corporate networks.
2. Sharing the device you use for law firm work with family members is a bad idea.
3. Zoom is currently the choice of clients/potential clients.
4. Make sure your confidential client conversations are kept private.
5. Employee security awareness training is more important than ever.
6. Have a Work-From-Home Policy
7. Consider issuing firm-owned laptops so that you control the security of devices used at home.
8. There are options for home users "competing for bandwidth."
9. Utilize a Virtual Private Network (VPN) for remote connecting to the firm network.
10. Prioritize lawyer Wellness
https://senseient.com/wp-content/uploads/WFH-Cybersecurity-Lessons.pdf
- Risk Register Examples for Cybersecurity Leaders - Security Boulevard
- Risk Description: Describe the risk being measured and how it threatens the organization.
Cause: The event or trigger that causes the risk to happen.
Result or Impact: The impact your organization faces if the risk occurs.
Likelihood: How probable the risk is to happen to your company.
Outcome: How detrimental the risk can be if it happens.
Risk Level: How high of a priority the risk is to your organization based on your risk matrix.
Cost: Expense to mitigate the risk or minimize its impact as much as possible.
Mitigation Actions: What actions were taken to mitigate the risk.
- 87% of Americans view data privacy as a human right, but most still use risky security practices - TechRepublic
- 87% of Americans view data privacy as a human right
- | InsideCyberSecurity.com
- How To Check RAM on Linux – devconnected
- 23 CentOS Server Hardening Security Tips - Part 2
- 20 CentOS Server Hardening Security Tips - Part 1
- Red Hat Enterprise Linux runs into Boothole patch trouble | ZDNet
- In practice, the only vulnerable Linux systems are ones that have already been successfully breached by an attacker.
- Tsuchiya Kaban Creates Leather Bag Specifically for Carrying Watermelon | Spoon & Tamago
- Congress is starting to understand how Silicon Valley works | Engadget
- USENIX Enigma 2020 - Privacy at Speed: Privacy by Design for Agile Development at Uber - YouTube
- How To Check RAM on Linux – devconnected
- DNS Security 101: The Essentials You Need to Know to Keep Your Organization Safe
- ICS/SCADA Wireless Attacks - Security Boulevard
- Kyoto’s New Ace Hotel Designed by Kengo Kuma | Spoon & Tamago
- 8 Tips for Crafting Ransomware Defenses and Responses
- Android 10-based LineageOS 17.1 available for the Amazon Fire HD 8 (2018) - NotebookCheck.net News
- What Does Schrems II Mean for the U.K.? - Lawfare
- Leader of Hacker Gang Sentenced to 9 Years For Hospital Malware | WIRED
- Wesley McGrew
- Sysadmin careers: Seven ways to market your sysadmin skills | Enable Sysadmin
- 8 Ways to reduce your Cloud spend - Anto Online
- How to Install i-doit Asset Management Tool on Ubuntu 20.04 LTS
- Mitigating BootHole – ‘There’s a hole in the boot’ – CVE-2020-10713 and related vulnerabilities | Ubuntu
- Improved systemd integration with Podman 2.0 | Enable Sysadmin
- Securing Home Assistant with Cloudflare
- Manage Debian unattended-upgrades – Linux Hint
- Ivan Ristić: Compiling Apache with static OpenSSL libraries
- Apache OpenSSL static
- Keep Your Surveys Private With Nextcloud Forms | TFiR: The Fourth Industrial Revolution
- How to Install InvoiceNinja on Ubuntu 20.04 Server with Apache/Nginx
- IT meets behavior science: Driving change by understanding the 8 emotional stages | Enable Sysadmin
- The emotional roadmap to change has eight stages
Stage 1: Excitement
Stage 2: Confusion
Stage 3: Disagreement
Stage 4: Countering
Stage 5: Avoidance
Stage 6: Acceptance
Stage 7: Embracing
Stage 8: Improvement
- Intelspy - Perform Automated Network Reconnaissance Scans
- Survey of Supply Chain Attacks - Schneier on Security
- Many Cyberspace Solarium Commission recommendations expected to become federal law | CSO Online
- LifeSpan Health System Hit With $1 Million HIPAA Fine
- What is the Cybersecurity Maturity Model Certification (CMMC)? - Security Boulevard
- The Garmin Ransomware Hack Is Horrifying
- Making Infosec Jobs Easier: Keeping Systems Patched - Security Boulevard
- 7 Challenges in Keeping Systems Patched
1. Inventory
2. Keeping up with alerts from your existing tools
3. Difficulty in identifying vulnerable systems
4. Issues with scan targeting
5. Broad risk coverage
6. Prioritization
7. Patching SLAs
- GitHub - deletescape/sloot: loot source code from sonarqube
- Source Code Of Microsoft, Adobe, AMD & 50 Others Leaked Online
- Instagram OSINT with python tools | Hacker Milk
- ODA: odacli now supports Data Guard in 19.8 - Blog dbi services
- Experts: Devastating ransomware attack on Garmin highlights danger of haphazard breach responses - TechRepublic
- IT gets bigger budgets and more respect as a result of COVID-19
- Analyze your web server log files with this Python tool | Opensource.com
- Ubuntu Retro Remix: A New Raspberry Pi Linux Distro For Retro Gamers
- Sitedorks - Search Google/Bing/DuckDuckGo/Yandex/Yahoo For A Search Term With Different Websites
- Automated Network Troubleshooting With Ansible Tower And Zabbix | Greg Sowell Consulting
- Multitenancy and Network Security in Kubernetes with Cilium — Cilium
- Red Hat Enterprise Linux 8.3 Enters Beta with Improved Security, New System Roles - 9to5Linux
- Install and Patch in one single action with OUI
- Ubiquiti Unifi Adds Useful Wireless Heat Maps – TDSheridan Lab
- LinkedIn Python/Selenium Automations - krypted
- The Case For Only Looking At Your Portfolio Balance Once A Year — My Money Blog
- What is the secure software development life cycle (SDLC)? | Synopsys
- Generative Adversarial Networks: Build Your First Models – Real Python
- ZFS Performance Basics: Disable atime
- Security 101: Backups & Protecting Backups · System Overlord
- Set Up Apache Guacamole Remote Desktop on Debian 10 Buster
- This Day in History: 1947 U.S. National Security Act | flyingpenguin
- HawkScan - Security Tool For Reconnaissance And Information Gathering On A Website. (Python 2.X &Amp; 3.X)
- vmware-esxi-7-kickstart-install/ks.cfg at master · sysadmintutorials/vmware-esxi-7-kickstart-install · GitHub
- VMware ESXi 7.0 Installation and Automation Setup
- https://www.sysadmintutorials.com/goto/https://github.com/sysadmintutorials/vmware-esxi-7-kickstart-install
- Garmin's services are slowly coming back to life after a major outage | Engadget
- How to use the Linux iostat command to check on your storage subsystem - TechRepublic
- Twitter contractors reportedly made a 'game' of accessing Beyoncé's data | Engadget
-
- Garmin confirms a cyber attack took its systems offline | Engadget
- Red Hat Insights: compliance | Enable Sysadmin
- Why is Cash King in Germany? – BeingFrugal.net
- Cyberstalker Locates Victim by Enhancing Reflection in Her Eye
- Which programming languages are useful for sysadmins? | Enable Sysadmin
- hint bash -> Python -> Rust/Go -> Elixir
- Cloud Computing Threats: Beyond Vulnerabilities
- CISA, NSA Lay Out Recommendations for Protecting OT Assets
- Pandemic Credential Stuffing: Cybersecurity's ...
- The state of cyber security hiring: Jobs, skills & salaries | CSO Online
- Security architect - $124,600
- HOWTO: Enable Extended Protection for Authentication on the SQL Servers hosting the AD FS and Azure AD Connect databases - The things that are better left unspoken
- Beginner's Overview of Getting Started in Backpacking — Stephanie Hurlburt
- Homemade Nectarine Zucchini Chutney Recipe -- Gluten Free, Vegan | Penniless Parenting
- Cryptovirology: The Birth, Neglect, and Explosion of Ransomware | July 2017 | Communications of the ACM
- A history of ransomware: The motives and methods behind these evolving attacks | CSO Online
- “I thought: This was encryption,” he says. “But it was completely ridiculous. The program wasn’t created by a real IT guy.” An analysis of the malware published a month later in the Virus Bulletin January 1990 edition said pretty much the same thing: “While the conception is ingenious and extremely devious, the actual programming is quite untidy.”
Young and Yung paper -https://cacm.acm.org/magazines/2017/7/218875-cryptovirology/fulltext
- Network Admin Stuff: Blackhole Traffic in Linux
- CISSP - The Memory Palace - Prashant Mohan
- USENIX Enigma 2020 - L. Jean Camp's 'All Security Is Good(s): Design Guidance For Economics' - Security Boulevard
- USENIX Enigma 2020 - Platform Data Privacy & Security Strategies for Public Interest Research - YouTube
- Linux flush or remove all iptables firewall rules - nixCraft
- Docker for Pentester: Pentesting Framework
- Postmortem on Backpacking Gear, 7/26 — Stephanie Hurlburt
- Don’t underestimate the power of a towel in the outdoors!
- ETL file: What it is and how to open it - The Silicon Underground
- USENIX Enigma 2020 - All Security Is Good(s): Design Guidance for Economics - YouTube
- Webster's 1913
- JOHN PARK'S WORKSHOP LIVE Cable Coiling 7/9/20 @adafruit @johnedgarpark #adafruit - YouTube
- Troy Hunt: Building the Ultimate Home Office (Again)
- Release scheme for the Microsoft Edge Browser | Born's Tech and Windows World
- Frugal Radio: SDR Guide Ep 3 – Beginner Budget SDR Shootout
- Presentation Skills: Tips for Writing Your Own Introduction - Metropolitan Organizing®
- “An excellent introduction should do three things in less than two minutes: highlight you as a well-informed, qualified expert, excite the audience, and create a smooth transition into your speech.
In addition, a good introduction addresses these six questions:
Who are you? What are your qualifications and experience?
Why is your presentation relevant? What problems does it address?
What is in it for the audience? How will you solve their problems?”
- capa: Automatically Identify Malware Capabilities | FireEye Inc
- reNgine - An Automated Reconnaissance Framework Meant For Gathering Information During Penetration Testing Of Web Applications
- Hardening in Debian 10 – Linux Hint
- Introduction to Selenium in Python 3 – Linux Hint
- How to Install Rudder System Auditing Tool on Ubuntu 20.04
- What has happened and where we've come: A short history of DRM | Defective by Design
- Blueprint + Blueprint = Behave | Daniel Miessler
- Maximize your effort. Focus on the grind. Focus on grit.
- GitHub - 0xNanda/Oralyzer: Open Redirection Analyzer
- When’s the Right Time for an Open Source Audit? - Security Boulevard
- Preventing Cyber Attacks With CIS Basic Controls - Security Boulevard
- The challenges and opportunities of shadow IT - TechRepublic
- Ransomware Attack Strikes Erie Community College | SENSEI ENTERPRISES, INC.
- Cisco Releases Security Updates for ASA and FTD Software | CISA
- Malware attacks down as ransomware increases
- How to Convert Single Phase to 3 Phase and Use Three Phase Tools at Home - YouTube
- Why is Science Hard for People to Trust? Fighter Pilots and Restaurants Offer Clues | Don Jones®
- Hands-On: The Pandemic DEF CON Badge Is An Audio Cassette | Hackaday
- USB-C Where It Was Never Intended To Be | Hackaday
- TinyPilot Provides KVM-over-IP, With Low Cost And Even Lower Latency | Hackaday
- Iris Rev4 Build | CAnderson’s page of disassembly and tinkering
- Versatile Energy Meter Has Multiple Functions | Hackaday
- Mr. Speaker - 3D Printed DSP Portable Speaker : 9 Steps (with Pictures) - Instructables
- Do More With Your Android Phone: 70+ Tips and Tricks You Should Know
- Can Data Be Recovered From a Failed SSD? What You Need to Know
- There are several key warning signs that your SSD is about to die:
Bad block errors: You cannot write to a specific block on the SSD, random freezes and errors, random crashes
Cannot write to disk: As it says, you can no longer write to the SSD, which in turn causes crashes, errors, and more
File system repair: You need to repair your operating file system on an increasingly regular basis
Boot crashes: Your operating system cannot boot properly, and your system fails to load
Read-only: The SSD suddenly switches into read-only mode, stopping you from writing new data to the drive
- ESP8266 Makes A Wireless Card Reader | Hackaday
- 8 Cybersecurity Themes to Expect at Black Hat USA 2020
- Remote Work
Cloud and Containers
Elections and Political Climate
Critical Infrastructure and IoT
Tech Supply Chain Risks
Security Culture
Email Authentication
Enterprise Software Weaknesses
- Newsletter: July 25, 2020 – Notes from MWhite
- Why Vulnerable IoT Is a Double-Sided Problem for ISPs and Their Customers - Security Boulevard
- PrivacyCon 2020 | Federal Trade Commission
- US CISA warns of attacks exploiting CVE-2020-5902 flaw in F5 BIG-IPSecurity Affairs
- CVE-2020-5902
- The #1 IT Security Capability – Multi-Factor Authentication - JumpCloud
- New MATA Multi-platform malware framework linked to NK Lazarus APTSecurity Affairs
- USENIX Enigma 2020 - Nicolas Papernot's 'What Does It Mean for Machine Learning To Be Trustworthy?' - Security Boulevard
- Debunking Cybersecurity Jargon Part Four – What is Optical Character Recognition? - Security Boulevard
- Cybersecurity Lessons from the Pandemic: Data – Part 2 - Security Boulevard
- Lin-Manuel Miranda Is Posting Cringe
- What Makes a Great CIO or vCIO? | Pivot Point Security
- Just Like the Fox and the Hen House: Keeping IT and Information Security Assessment Separate | Pivot Point Security
- Intune vs. WSUS – Costs, Benefits, Ease of Use, and Deployment
- AuthMatrix - A Burp Suite Extension That Provides A Simple Way To Test Authorization
- Thinking of a Cybersecurity Career? Read This - Security Boulevard
- Quiver - Tool To Manage All Of Your Tools For Bug Bounty Hunting And Penetration Testing
- NY Charges First American Financial for Massive Data Leak — Krebs on Security
- EFF Joins HOPE 2020 | Electronic Frontier Foundation
- First American Title Insurance Co. Faces Charges in NY
- AOC U2790VQ (U2790PQU) Review : Monitors
- AOC U2790VQ
- Organizations Continue to Struggle With App Vulns
- Rise of the Robots: How You Should Secure RPA - ...
- Robotic Process Automation (RPA),
), business technology that intelligently automates mundane and repetitive tasks typically performed by humans, is indeed hot and growing.
- An introduction to Pluggable Authentication Modules (PAM) in Linux | Enable Sysadmin
- Linux Commands: jobs, bg, and fg | Enable Sysadmin
- California university pays $1 million ransom amid coronavirus research
- Automate testing for website errors with this Python tool | Opensource.com
- 101 Ways to Say NO to SysAdmin Requests - Thomas LaRock
- Keycloak and OpenLDAP – Stuff I'm Up To
- How Monitoring Your IVR Helps Predict and Reduce Fraud in the Contact Center | Pindrop
- The Seccomp Notifier - New Frontiers in Unprivileged Container Development — Christian Brauner
- Video Meetings and Learning Styles | The Networking Nerd
- Building PowerShell for Speed
- Nerding with Civilians – Unadulterated Nerdery
- Garmin shutdown by WastedLocker ransomware attack | Born's Tech and Windows World
- TinyPilot: Build a KVM Over IP for Under $100 · mtlynch.io
- The Internet of Things (IoT) - essential IoT business guide
- RDP hijacking attacks explained, and how to mitigate them | CSO Online
- Teen Allegedly Leaked Paging System Health Records
- PENIOT - Penetration Testing Tool for IoT
- Security risks of outdated encryption: Is your data really secure? - Security Boulevard
- Improving Your Vulnerability Remediation Process - Hysolate
- Raft of Healthcare Breaches Continue
- Many CIOs Believe Expired TLS Certificates Could Affect Their Business - Security Boulevard
- When Legacy Application Security Becomes Your “Mr. Hyde” - Security Boulevard
- July Device Threat Report - Security Boulevard
- More than Half of European Citizens Worry About Malicious Use of Their Online Data - Security Boulevard
- Update on NIST's Post-Quantum Cryptography Program - Schneier on Security
- Git collaboration: quick start - Blog dbi services
- Erman Arslan's Oracle Blog: Database Forensics - Incomplete/Interrupted Tablespace Drop operation / INTERNAL DDL / cause & effect
- SSO Logon with X.509 certificate | It's full of stars!
- Data Privacy: Your Customers Demand It – Running Your Business
- Digital Nomads: Everything You Ever Wanted to Know – Online Businesses
- This is Why DoD Suppliers Need to Move Soon to CMMC Readiness | Pivot Point Security
- Kubernetes Security From The Trenches - Julien Sobrier - YouTube
- Raspberry Pi as a Penetration Testing Implant (Dropbox) · System Overlord
- What are software security requirements? | Synopsys
- CPTED In Cybersecurity | Avast
- Crime Prevention Through Environmental Design, or CPTED
- Trust is Key in Healthcare – You Can’t Afford a Breach - Security Boulevard
- Running Systems » Blog Archive » Recover non-booting Linux
- The History of TV Color Bars, One of the First Electronic Graphics Ever Made
- Why Commercial O365 is not DFARS compliant - PreVeil
- Two more cyber attacks hit Israel's water facilities in JuneSecurity Affairs
- AWS Essentials & Solution Architect Associate certification: The ultimate guide
- Understanding the CMMC model - Security Boulevard
- Interactive Application Security Testing: IAST Basics - Security Boulevard
- interactive application security testing (IAST)
- The Texas Cybersecurity Act: What You Need to Know - Security Boulevard
- Top 8 cybersecurity books for incident responders in 2020 - Security Boulevard
- 1. “The Practice of Network Security Monitoring” by Richard Bejtlich
2. “Reversing: The Secrets of Reverse Engineering” by Eldad Eilam
3. “Practical Malware Analysis” by Michael Sikorski
4. “Incident Response & Computer Forensics” (3rd edition) by Matthew Pepe, Jason T. Luttgens and Kevin Mandia
5. “Silent on the Wire” by Michal Zalewski
6. “Information Security Policies, Procedures, and Standards” by Douglas J. Landoll
7. “The Hacker Playbook 3: Practical Guide To Penetration Testing” by Peter Kim
8. “Intelligence-Driven Incident Response” by Scott J. Roberts and Rebekah Brown
- Kubernetes Containers a Boon for Developers - Security Boulevard
- Grow Up! Plotting Your Path Along the Zero Trust Maturity Model - Security Boulevard
- 1) Never trust, always verify
2) Adopt MFA here, there, and everywhere
3) Avoid the use of VPN where possible, and adopt an application gateway instead
4) Fuse single sign-on with MFA to maximize user productivity
5) Balance security with usability through conditional and risk-based access
6) Look for identity and access management solutions that work well together, and make integrating with your existing and future IT environment easier
- Your 30-60-90 Day AppSec Plan - Security Boulevard
- How to identify and prevent firmware vulnerabilities - Security Boulevard
- The Key Reason Why Some Enterprises Outright Refuse to Enable BYOD
- Zero Day Initiative — The July 2020 Security Update Review
- Oracle Critical Patch Update for July 2020 Tops Previous Record with 443 Security Updates - Blog | Tenable®
- What Being “Audit-Ready” Means Today for DoD Suppliers | Pivot Point Security
- 3 types of privacy settings in Microsoft Teams - SharePoint Maven
- Considerations for Cloud Desktops – Skillset – Ask the Architect
- Keycloak Container Set – Stuff I'm Up To
- CCPA is not enough say businesses
- DSHR's Blog: Twitter Fails Security 101 Again
- BadPower Vulnerability In Fast Chargers Might Make Phones Halt And Catch Fire | Hackaday
- Space Force official logo and motto unveiled | Engadget
- Python Dominates IEEE's Top Programming Languages 2020 For 3 Yrs In A Row
- REMnux 7.0 Released: Ubuntu-based Linux Distro For Malware Analysis
- Jan Czochralski And The Silicon Revolution | Hackaday
- Frugal Radio: Using an Airspy and RTL-SDR To Scan the UHF Military Airband in SDR#
- The Industrial Revolution and Control Systems | The Automation Blog
- Abit BP6: In memoriam - The Silicon Underground
- But those DIMMs were expensive at the time. I started out with 128 MB and eventually expanded mine to 384 MB.
- Why do capacitors fail? - The Silicon Underground
- Comprehensive Guide on HTML Injection
- Companies with poor privacy practices are 80% more apt to suffer data breach - TechRepublic
- Companies with poor privacy practices are 80% more apt to suffer data breach
- FTC Finalizes Privacy Shield Settlement with Ortho-Clinical | Federal Trade Commission
- Forensic Investigation: Ghiro for Image Analysis
- Vulnerable webapps and VMs for penetration testing practice: my own list | Andrea Fortuna
- Summary of July 15th, 2020 Purdue Seminar on Control System Cyber Security - CERIAS - Purdue University
- Tri-State MSSF ~ Cyber Thoughts
- Ripple20's Effects Will Impact IoT Cybersecurity ...
- Detecting Code ReUse in Ghidra With Intezer's Plugin - /dev/random
- Mitre, the creepy company checking your fingerprints on Facebook for the US Government - Graham Cluley
- A Complete Guide to IoT Security for Your Business .Learn more, secure your company!
- https://www.i-scoop.eu/internet-of-things-guide/
- Written communication is remote work super power - Snir David Blog
- What Is A Motherboard? What Are The Different Components Of A Motherboard?
- Manage network connections from the Linux command line with nmcli | Opensource.com
- grep vs egrep vs fgrep: What's the Difference?
- US Treasury Yields Lowest In The History of the Republic — My Money Blog
- Which Windows 10 Apps Should You Delete? - Fossbytes
- COVID Diaries Pt. 7 | Greyhawk's Meanderings
- Red Hat Insights: Vulnerability management | Enable Sysadmin
- The Ultimate Guide to Setting Up Zabbix 5.0 Monitoring
- Office 365: TLS 1.0/1.1 support ends on Oct. 15, 2020 | Born's Tech and Windows World
- The Call for Applied Research on Offensive Security Tool Release | Chris Sanders
- A Socratic Outline for Discussing the OST Release Debate | Chris Sanders
- X.509 troubleshooting - Enabling trust between NetWeaver and intermediate server | It's full of stars!
- AnyConnect: Allow 'Local' LAN Access | PeteNetLive
- MediaWiki and OAuth2 – Stuff I'm Up To
- Acquiring IT Skills and Keeping Them Up to Date | APMdigest - Application Performance Management
- Match Windows Disks to VMWare VMDK Files | Windows OS Hub
- How to deal with Purple Screen Of Death - PSOD | ESX Virtualization
- 43 percent of employees make mistakes that have cybersecurity implications
- Creating a Presentation with Jupyter Notebook and RISE (Video) - The Mouse Vs. The Python
- https://www.sans.org/media/free/free-faculty-tools.pdf
- What Is Port Forwarding? Everything You Need to Know
- Linked: Balance Of Power Shifts To Employees In Flex Office Model
- What social engineering is and how it works - The Silicon Underground
- Troy Hunt: 10B
- How to never miss a video call with Raspberry Pi and NextEvent - Raspberry Pi
- Fraud in the IVR: Your Complete 2020 Guide | Pindrop
- “The fraudster’s greatest liability is the certainty that the fraud is too clever to be detected.” – Louis J. Freeh Former U.S. F.B.I Director
- Hacking Summer Camp: How to Steal Kerberos Tickets? | CQURE Academy
- 13 Raspberry Pi Zero Alternatives That Cost Less Than $20
- Explained: What is Grep Command in Linux?
- MSPs are still not appreciating the risk of Ransomware
- Twitter hack raises alarm among government officials, security experts | CSO Online
- PCI DSS explained: Requirements, fines, and steps to compliance | CSO Online
- 1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.
5. Use and regularly update anti-virus software.
6.Develop and maintain secure systems and applications.
7.Restrict access to cardholder data by business need-to-know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.
10.Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
12. Maintain a policy that addresses information security.
- Reverse Threat Modeling for Pursuing Attribution | Daniel Miessler
- A Historical Cycle That Limits Progress | Daniel Miessler
- Cybersecurity Leaders: Invest In Your People
- Russian Cyberattacks Target COVID-19 Research, ...
- Leading Through Uncertainty: Be Proactive in Your ...
- What Organizations Need to Know About IoT Supply ...
- Third-Party IoT Vulnerabilities: We Need a ...
- 'Make Your Bed' and Other Life Lessons for Security
- Task 1: Process
Task 2: Documentation
Task 3: Procedures
Task 4: Metrics
Task 5: Plan
- US charges two Chinese hackers with trying to steal COVID-19 research | Engadget
- The internet is becoming more secure -- but only slowly
- Datadog Releases Private Locations for Synthetic Monitoring | APMdigest - Application Performance Management
- OpenTelemetry, Open Collaboration | DEVOPSdigest
- Business Continuity in SQL Database | James Serra's Blog
- X.509 troubleshooting - Send X.509 Certificate in HTTP Header | It's full of stars!
- How To Run Ubiquiti's Unifi Controller Software As A Windows Service
- Errata Security: How CEOs think
- Taking risks is more often the correct answer rather than having more security.
CEOs trust outside consultants mostly because outsiders don't have a stake in internal politics. Thus, the consultant can say the same thing as what you say, but be trusted.
They divide their business into two parts:
The first is the part they do well, the thing they are experts at, the things that define who they are as a company, their competitive advantage.
The second is everything else, the things they don't understand.
- Automating To Detect Change - EvilTester.com
- VPNs With "Zero Log" Policy Leak 1.2 TB Data Of Millions Of Users
- Legal Considerations Raised by the U.S. Cyberspace Solarium Commission Report - Lawfare
- Building and publishing documentation for Ansible Collections | die-welt.net
- Analyzing systemd calendar and timespans | Opensource.com
- Using ifstat for Linux network statistics | Enable Sysadmin
- How to Revamp the Education System Part 1 | People Centre
- Your certificate expires in 1 day!!!
- Medical Device Cybersecurity: Addressing the ChallengesWebinar.
- Video : Resource Manager : SQL Quarantine in Oracle Database 19c Onward | The ORACLE-BASE Blog
- Project V: Open-source Tools to Build your Own Private Network
- How to Harden and Secure NGINX Web Server in Linux
- What is BlackRock Android malware?
- Everything You Need to Know about Linux Containers (LXC)
- How to create a photo collage with this python script | Hacker Milk
- A Major Flaw In Fast Chargers Can ‘Burn’ Your Smartphone: BadPower Attack
- How to remove tape residue - The Silicon Underground
- Job offer acceptance deadline? Proceed with caution. - The Silicon Underground
- SIGRed-Patch KB4565524: Install fails in Windows Server 2008 R2 | Born's Tech and Windows World
- Windows 10/Server 2016: Security policy Inactivity limit does not work | Born's Tech and Windows World
- Juicy Baked Turkey Burgers With Garlic
- 10 Basic Programming Principles Every Programmer Must Know
- 1. Keep It Simple, Stupid (KISS)
2. Write DRY Code
3. Open/Closed
4. Composition Over Inheritance
5. Single Responsibility
6. Separation of Concerns
7. You Aren’t Going to Need It (YAGNI)
8. Document Your Code
9. Refactor
10. Clean Code At All Costs
- 6 Kid-Friendly Websites for Free Arts and Crafts Activities for Children
- The 8 Best Computer Temperature Monitor Apps
- 3 Ways to Boot Multiple OSes on a Raspberry Pi
- USB Flash Drive Reveals Strange SD Card Heart | Hackaday
- This Week In Security: Twitter, Windows DNS, SAP RECON | Hackaday
- Tend Your Garden… Again | Hackaday
- Exposing Computer Monitor Side-Channel Vulnerabilities With TempestSDR | Hackaday
- An Easier Way To Roll Your Own LED Ball | Hackaday
- Bubbles, The People-Pleasing Pandemic Panda | Hackaday
- Thoroughly Modern: Why You Need An IT Strategy And Roadmap - IT Jungle
- Marketing During Coronavirus: 6 Tips for Outlasting the Pandemic – SEO
- #1: Don’t Make Decisions in a Panic
#2: Stay Connected with Your Customers on Social Media During the Coronavirus Pandemic
#3: Take All Possible Opportunities to Help People During the Coronavirus Pandemic
#4: Improve Your Online Presence as the Coronavirus Pandemic Rages
#5: Improve SEO on Your Site
#6: Adapt Your Offers to the Circumstances
- Tales From The Sysadmin: Impending Hard Drive Doom | Hackaday
- Using dockle to check docker containers for known issues -- Prefetch Technologies
- Step by Step Guide to Setup LDAPS on Windows Server - Microsoft Tech Community - 385362
- F-Secure uncovers counterfeit Cisco network devices
- TOP differences between ESXi 6.7 and ESXi 7.0 | ESX Virtualization
- BMC-IT - Linux - RAID Monitor - LSI Fusion-MPT SAS-2
- MegaCLI cheatsheet | ErikIMH - just another linux admin's blog
- SMTP Ciphers – Stuff I'm Up To
- Creating NetApp Root Load-Sharing Mirrors with Ansible
- Solving Azure Connection Internal Server Errors - Wahl Network
- How to Downgrade Windows Server Datacenter to Standard Edition? | Windows OS Hub
- How to easily kill a zombie datastore in your VMware vSphere lab | TinkerTry IT @ Home
- My remotely proctored VMware exam experience | Patrick Kremer
- How to Home Lab: Part 9 - Expanding Your Home Network | dlford.io
- Windows Server 2008 R2: 0patch fixes SIGRed vulnerability | Born's Tech and Windows World
- The Libertarian Case for Immigration (and Against Trump) - Lawfare
- Why Your Company Mission Drives Your Culture – Running Your Business
- Laptop Mode Tools 1.74 - RESEARCHUT
- 6 Reasons Why People Love to Use Arch Linux
- A container security checklist: 5 key questions to answer | TechBeacon
- Understanding open source governance models
- How to share Wi-Fi network passwords via QR code on Android
- FBI reportedly uses a travel company's data for worldwide surveillance | Engadget
- nbtscan and nmap "nbtstat -s" For SMB scanning Guide for beginners
- nbtscan -r 192.168.1.0/24
- DNS Enumeration through dnsenum tool in Kali Linux Guide for beginners
- https://www.exploit-db.com/docs/12389.pdf
- FAQ: The Windows DNS Server security hole, CVE-2020-1350, from a “normal” user’s perspective @ AskWoody
- Want to Write Beautiful PowerShell Code? Here's How.
- datapatch and OPatch documentation and MOS note
- Ground-truth documents | Armed and Dangerous
- Documentation as knowledge capture | Armed and Dangerous
- How To Kickstart Your Budget, Especially When Divorcing | Penniless Parenting
- Persistent Memory in the Data Centre - Architecting IT
- EU blocks websites from transferring personal data to US servers | Engadget
- “The limitations on the protection of personal data arising from the domestic law of the United States... are not circumscribed in a way that satisfies requirements that are essentially equivalent to those required under EU law,”
- Cybersecurity Information Sharing Success Stories - Lawfare
- Testing WireViz
- Using the nstat network statistics command in Linux | Enable Sysadmin
- Planner Is a Great GTD and To-Do List App for the Linux Desktop - 9to5Linux
- Scan and Repair Disk Bad Sectors in Ubuntu Linux, Fedora
- Doc Searls Weblog · How long will radio last?
- 10 Tips On How to Use Wireshark to Analyze Packets in Your Network
- The 5 Best Graphical Backup Tools for Ubuntu and Linux Mint
- Jon “maddog” Hall Discusses Global Open Source Certification
- Speed up container builds with overlay mounts | Enable Sysadmin
- Use this cheat sheet for tmux as a terminal multiplexer | Opensource.com
- UASP makes Raspberry Pi 4 disk IO 50% faster | Jeff Geerling
- Bulk Only Transport (or BOT)
'USB Attached SCSI Protocol', or 'UASP'
- Home Assistant improves performance in 0.112 release [LWN.net]
- The CIA, Covert Action and Operations in Cyberspace - Lawfare
- Patching all my environments with the July 2020 Patch Bundles
- New Adventures | Unexpected Change in Employment Status – CubicleNate's Techpad
- New DDR5 RAM Specs Released: 6.4Gbps Transfer Speed, 4X Density Over DDR4
- Speaking of the highlights, the new DRAM spec now supports 64Gbit maximum die density in comparison to 16bit in the case of DDR4. This means that high-density memory chips used in servers (LRDIMM) will be able to achieve 2TB capacity in a single module.
DDR5 promises to provide peak data transfer rates of up to 6.4Gbps in comparison to 3.2Gbps on DDR4. However, the initial version of DDR5 will launch at 4.8Gbps transfer capacity, which is about 50% higher than DDR4’s peak capacity.
The new DDR5 modules will be able to work at a lower voltage of 1.1v in comparison to DDR4’s 1.2v.
We can expect DDR5 memory modules to arrive by 2021 and initial adoption will be seen in the server market.
- How To Enable Nested Virtualization In KVM In Linux - OSTechNix
- modprobe -r kvm_intel
modprobe kvm_intel nested=1
vi /etc/modprobe.d/kvm.conf
kvm_intel nested=1
cat /sys/module/kvm_intel/parameters/nested
- Introduction to Python for Data Science - LinuxLinks
- vSphere 7 with Kubernetes - Getting Started Guide - The IT Hollow
- 5 Risks You Need to Remember When Securing Your Containers
- Enable Microservices
Reliance on a Base Image
Container Visibility
Container Communication
Container Configuration
How Organizations Can Address These Risks
Use trusted base images only to build your containers
Prevent containers from acquiring new privileges
Adopt a policy of image scanning
- Securing Digital Transformation on a Budget - Security Boulevard
- Myspace Wasn't a Simpler Time, We Were Just Teenagers
- Critical SAP Recon flaw exposes thousands of system to full take overSecurity Affairs
- New Forrester Report: Build a Developer Security Champions Program - Security Boulevard
- Ransomware infected systems at Xchanging, a DXC subsidiarySecurity Affairs
- Try2Cry ransomware implements wormable capabilitySecurity Affairs
- Vulnerability Management Maturity Model | SANS Institute
- Install MITRE ATT&CK Navigator in an isolated environment - Koen Van Impe - vanimpe.eu
- Vagrant and Docker Builds : ORDS 20.2 and SQLcl 20.2 Updates | The ORACLE-BASE Blog
- Debotnet - A Tiny Portable Tool For Controlling Windows 10's Many Privacy-Related Settings And Keep Your Personal Data Private
- dorkScanner - A Typical Search Engine Dork Scanner Scrapes Search Engines With Dorks That You Provide In Order To Find Vulnerable URLs
- GoGhost - High Performance, Lightweight, Portable Open Source Tool For Mass SMBGhost Scan
- Critical flaw allows hackers to breach SAP systems with ease | CSO Online
- Application Security is a Team Sport. Is Your Team Winning? | Pivot Point Security
- Healthscare – An Insider's Biopsy of Healthcare Application Security - Black Hat USA 2020 | Briefings Schedule
- Get Cutting-Edge Healthcare Cybersecurity Insights ...
- What Is a Man-in-the-Middle Attack? How It Works and How to Stay Safe from It
- Stress and SOC Staff BurnoutRafeeq Rehman – Personal Blog
- The Four Phases of Offensive Security Teams :: malicious.link — welcome
- Adversarial
Hammer
Friendship
Adversarial Friendship
- X64Dbg - An Open-Source X64/X32 Debugger For Windows
- OWASP Top 10 Versus OWASP ASVS: Recommendations and Roadmap | Pivot Point Security
- Insider Info: Early CMMC Certification + Provable NIST 800-171 Compliance can be a Competitive Advantage for DoD Suppliers | Pivot Point Security
- How High a Hurdle is CMMC Compliance for Today’s DoD Suppliers? | Pivot Point Security
- Did Your Town Benefit From PPP Loans? Check This Map to Find Out
- World Economic Forum outlines three steps for cyber security success - IT Governance UK Blog
- 1. Organisational security
2. Product security
3. Infrastructure security
- From the OWASP Top Ten(s) to the OWASP ASVS - Jim Manico - YouTube
- Doc Searls Weblog · Home is where one’s butt is
- "Dorothy Parker said (or is said to have said) that she preferred the company of younger men “because their stories are shorter.” "'
I’m optimistic about the long-run future, though the short run will surely get worse before it gets better. (Bad things happen when people die at wartime rates and large hunks of the economy are turned off.)
- Cross-Functional Collaboration Is Key to Industrial Cybersecurity - Blog | Tenable®
- LOLBAS
- Ubiquiti EdgeRouter :: netboot.xyz
- Firmware Downloads
- HowTo Change Port Type in Mellanox ConnectX-3 Adapter
- Lawsuits After Ransomware Incidents: The Trend Continues
- How Ekans Ransomware Targets Industrial Control Systems
- HHS Hopes to Tackle Long-Stalled Regulatory Tasks
- Attack Detection Fundamentals: Discovery and Lateral Movement - Lab #5
- Attack Detection Fundamentals: Discovery and Lateral Movement - Lab #4
- Attack Detection Fundamentals: Discovery and Lateral Movement - Lab #3
- Attack Detection Fundamentals: Discovery and Lateral Movement - Lab #2
- Attack Detection Fundamentals: Discovery and Lateral Movement - Lab #1
- HowTo Find Mellanox Adapter Type and Firmware/Driver version (Linux)
- PXELINUX-Multi-Arch - Syslinux Wiki
- LiveCDNetboot - Ubuntu Wiki
- Debian Stretch diskless machine via PXE boot - G.Melikov's blog
- Windows Aliases for Terraform and Git - Wahl Network
- How to Restore Active Directory from a Backup? | Windows OS Hub
- CCPA Enforcement: What to Expect Now - HealthcareInfoSecurity
- A Paramedic's Lessons for Cybersecurity Pros
- Comprehensive Guide on Broken Authentication & Session Management
- How my startup was born out of frustration
- HOWTO: Be more productive (Aaron Swartz's Raw Thought)
- Take Control of Working from Home Temporarily – Take Control Books
- DIY Wifi Router Access Point With Raspberry Pi | nickearl.net
- Controlling Pi-Hole with Physical Buttons | nickearl.net
- How to Customize the Ubuntu Boot Splash Screen and Logo
- How to avoid common cloud migration challenges
- What is Patch Management?
- Is HGST a good brand? Are HGST drives reliable? - The Silicon Underground
- Secure your IT systems with Duo Multi Factor Authentication (Duo MFA)
- espanso: An Open Source Cross-Platform Text Expander
- Generate Rainbow Tables and Crack Hashes in Kali Linux Beginner's Guide
- NetBSD Blog
- RiskSense: Full Spectrum Risk-Based Vulnerability Management
- A look at password security, Part II: Web Sites - The Mozilla Blog
- Display Virtualization Systems Stats With Virt-top In Linux - OSTechNix
- How COVID Pandemic is Making IT Operations Analyst Jobs More Stressful | APMdigest - Application Performance Management
- IT Operations Teams Were Already Stressed
Even before the pandemic started this "new normal" mode of operations, IT operations teams were stressed to deliver more with less. According to a survey of 1300 IT professionals by BigPanda from earlier this year:
■ Innovation and CI/CD culture have increased normal operational workloads by 50%. The majority of the surveyed (53%) expect their NOC/ITOps workloads to increase even more in the next two years.
■ ITOps & NOC teams experience fast-moving IT stacks. These technology changes — whether they were necessitated by faster development needs, or were hyper-scale architecture based changes, or technical debt based — almost always require additional training and insights into the stacks as well as additional qualified analysts.
■ About 47% of respondents see constant application and code changes and 39% experience constant infrastructure changes — most of them see multiple daily changes, sometimes even hourly changes.
To keep up with this, ITOps teams have requested more budget, more automation tools, and more qualified analysts. However, very surprisingly,
■ 56% of them expected their IT budgets to stay flat. And 21% expected their IT operations budgets to shrink.
■ Worldwide IT spending is projected to trim down to $3.4 trillion in 2020, down 8% from 2019, according to Gartner.
- Protecting Your Portfolio From Hyperinflation, Deflation, Confiscation, and Devastation — My Money Blog
- This booklet’s primary advice regarding risky assets is loud and clear: your best long-term defense against deep risk is a globally value-tilted diversified equity portfolio, perhaps spiced up with a small amount of precious metals equity and natural resource producers, TIPS, and, if to your taste, bullion and foreign real estate.
- Massive Deletes | Oracle Scratchpad
- Your Security Products Are Insecure, With Data - EtherealMind
- “The only class of software that has more bugs than security software is QA software”
- How to Fix 3.3v Power Issues with Hard Drives | nickearl.net
- The Pesky PWDIS Feature In Newer SATA Specs | Tom's Hardware
- Kung Fu Nuns Of Kathmandu Honored For Empowering Girls : Goats and Soda : NPR
- What Is a Side-Channel Attack? How Hackers Crack Security Without Touching It
- 5 PC Parts That Tend to Die: How to Extend Their Lifespans
- How to Use the Rule of Thirds in Photography
- Applying the 80-20 Rule to Cybersecurity
- Principle 1: Develop and Govern a Healthy Security Culture
According to Mike Gentile — president and CEO at CISOSHARE and someone who has worked as a chief information security officer for many years — a lot has changed in the security space by 2020, but two things remain the same:
1. Senior executives don't prioritize cybersecurity enough for security programs to be fully effective.
2. The reason for point No. 1 is not that executives don't care — they do, and they don't want their name in the headlines after a breach — but that they lack a clear definition of security.
Principle 2: Manage Risk in the Language of Business
Principle 3: Establish a Control Baseline
Principle 4: Simplify and Rationalize IT and Security
Principle 5: Control Access with Minimal Drag on the Business
Principle 6: Institute Resilient Detection, Response and Recovery
- Multiple Ways to Banner Grabbing
- What are my next steps after writing my first Selenium WebDriver test? - EvilTester.com
- Because sometimes it's hard... some tips for "Working with WebDriver" - EvilTester.com
- How to protect Windows networks from ransomware attacks | CSO Online
- Watch out for unauthorized tools, scripts and Group Policy settings
Identify employees at high risk for targeted phishing attacks
Review Group Policy domain and script folders for malicious files
Use multi-factor authentication for privileged accounts
Review your backup strategies.
- malwareunicorn.org
- Chief Information Security Officer (CISO) Workshop - Security documentation | Microsoft Docs
- Google - Site Reliability Engineering
- 7 points your security team needs to know about IPv6 (but probably doesn't) | CSO Online
- 1. IPv6 is more popular than most realize
2. Employees use IPv6
3. IPv6 is already in your enterprise
4. IPv6 is no more or less secure than IPv4
5. Vendor products lack IPv6 security features
6. Unprepared security teams can stop IPv6 deployment
7. IPv6 needs to be secured from the onset, not retroactively
- Nginx and LDAP Authentication – Stuff I'm Up To
- Custom NiFi Load Balancing Processor – David Vassallo's Blog
- CISSP salary expectations - The Silicon Underground
- How to Deal With the Microsoft Outlook IP Blacklist - LinuxBabe
- An Anatomy of a Suspicious Website | Alexander's Blog
- Weekly Tech Roundup #12 | Andrea Fortuna
- “The saddest aspect of life right now is that science gathers knowledge faster than society gathers wisdom” – Isaac Asimov
- Wietze Beukema: almost 300 Windows 10 executables are vulnerable to DLL hijacking | Andrea Fortuna
- Ransomware Characteristics, Attack Chains and Mitigations | CyberWatch
- America is Falling Because You Can't Maintain a Democratic Republic With a Stupid Population | Daniel Miessler
- Harari model
- Weekly Cybersecurity Roundup #13 | Andrea Fortuna
- “Hardware is easy to protect: lock it in a room, chain it to a desk, or buy a spare. Information poses more of a problem. It can exist in more than one place; be transported halfway across the planet in seconds; and be stolen without your knowledge.” – Bruce Schneier
- DIY MechBoard64 – Dangerous Prototypes
- Learn The Secrets Of Matching Bottle Cap Threads To One Another | Hackaday
- Stack rank: An employee perspective - The Silicon Underground
- Shut Up and Encrypt
- Frugal Radio: 2020 SDR Guide Ep 1 – The Incredible World of Software Defined Radio (RTL-SDR, Airspy, SDRPlay etc.)
- GitHub - koriwi/freedeck-hardware: all the stuff you need to build your own FreeDeck
- Salvaged Drill Gets A Magnetic Upgrade | Hackaday
- The New Retirement Model | People Centre
- Trump confirms cyberattack against Russian trolls during 2018 midterms | Engadget
- Network Admin Stuff: Networking Next Step
- Network Admin Stuff: ip-geo-location
- Bootloader Fix on NVMe Drive - Cyber Kingdom of Russell John
- How to Enable, Disable Keyboard, Mouse and Touch Devices via Terminal
- Learn NixOS by turning a Raspberry Pi into a Wireless Router | Quansight Labs
- The ACM Digital Library Should Remain Open : Scott Schneider
- Hitting the Books: What astronauts can learn from nuclear submariners | Engadget
- Collecting Nginx metrics with the Prometheus nginx_exporter -- Prefetch Technologies
- Improving my Linux diff experience with icdiff -- Prefetch Technologies
- Book Freak #46: How to Have a Happy Family | Cool Tools
- Ask three questions at your weekly family meeting
“1. What things went well in our family this week?
2. What things could we improve in our family?
3. What things will you commit to working on this week?”
The Secrets of Happy Families: Improve Your Mornings, Tell Your Family History, Fight Smarter, Go Out and Play, and Much More Paperback – December 31, 2013
by Bruce Feiler
- Book Freak #44: Dalai Lama’s Tips for Happiness | Cool Tools
- When life becomes overwhelming stop and reflect
“When life becomes too complicated and we feel overwhelmed, it’s often useful just to stand back and remind ourselves of our overall purpose, our overall goal. When faced with a feeling of stagnation and confusion, it may be helpful to take an hour, an afternoon, or even several days to simply reflect on what it is that will truly bring us happiness, and then reset our priorities on the basis of that. This can put our life back in proper context, allow a fresh perspective, and enable us to see which direction to take.”
Train your mind to be resilient to disturbing events
“Through training, we can change; we can transform ourselves. Within Buddhist practice there are various methods of trying to sustain a calm mind when some disturbing event happens. Through repeated practice of these methods we can get to the point where some disturbance may occur but the negative effects on our mind remain on the surface, like the waves that may ripple on the surface of an ocean but don’t have much effect deep down. And, although my own experience may be very little, I have found this to be true in my own small practice. So, if I receive some tragic news, at that moment I may experience some disturbance within my mind, but it goes very quickly. Or, I may become irritated and develop some anger, but again, it dissipates very quickly. There is no effect on the deeper mind. No hatred. This was achieved through gradual practice; it didn’t happen overnight.“
Begin every new encounter with a positive attitude
“If you approach others with the thought of compassion, that will automatically reduce fear and allow an openness with other people. It creates a positive, friendly atmosphere. With that attitude, you can approach a relationship in which you, yourself, initially create the possibility of receiving affection or a positive response from the other person. And with that attitude, even if the other person is unfriendly or doesn’t respond to you in a positive way, then at least you’ve approached the person with a feeling of openness that gives you a certain flexibility and the freedom to change your approach as needed.”
View your struggles as growth opportunities
“Imagine what it would be like if we went through life never encountering an enemy, or any other obstacles for that matter, if from the cradle to the grave everyone we met pampered us, held us, hand fed us (soft bland food, easy to digest), amused us with funny faces and the occasional ‘goo-goo’ noise. If from infancy we were carried around in a basket (later on, perhaps on a litter), never encountering any challenge, never tested – in short, if everyone continued to treat us like a baby. That might sound good at first. For the first few months of life it might be appropriate. But if it persisted it could only result in one becoming a sort of gelatinous mass, a monstrosity really – with the mental and emotional development of veal. It’s the very struggle of life that makes us who we are. And it is our enemies that test us, provide us with the resistance necessary for growth.”
- Building a data-driven culture with a data analysis framework
- AWS Well-Architected Framework – Updated White Papers, Tools, and Best Practices | AWS News Blog
- NetMotion surveys industry experts on remote access, COVID-19, and the future of VPN & SDP | NetMotion Software
- Ben Garfinkel on scrutinising classic AI risk arguments - 80,000 Hours
- This Website Runs On A Solar Charged Raspberry Pi: Here’s How
- Unable to Access SYSVOL and NETLOGON folders from Windows 10 | Windows OS Hub
- How To Network Boot (PXE) The Ubuntu LiveCD
- How To Use Linux Screen | Linuxize
- Experts found allegedly intentional backdoors in C-Data FTTH devicesSecurity Affairs
- Easily Resize LVs and Underlying Filesystems - A Random Walk Down Tech Street
- Recover Space By Finding Deleted Files That Are Still Held Open. - A Random Walk Down Tech Street
- Who's making your log file grow in SQL Server? – Dimitri's Wanderings
- Disk speed IO test tool – it's notes
- http://woshub.com/how-to-measure-disk-iops-using-powershell/
https://gallery.technet.microsoft.com/DiskSpd-A-Robust-Storage-6ef84e62
diskspd.exe –c10G -d300 -r -w40 -t8 -o32 -b64K -Sh -L c:\diskpsdtmp.dat > c:\DiskSpeedResults.txt
- Discover all headsets used in #MicrosoftTeams PowerBI report – msunified.net
- Running Systems » Blog Archive » Linux LVM explained
- Pi-Hole and Plusnet - Stuart Moore
- FreeRADIUS and Docker – Stuff I'm Up To
- Enterprises That Stopped IT Cloud Migrations Had 2.5x Outages During Global Pandemic | APMdigest - Application Performance Management
- Software Failures Cost the Enterprise Software Market $61 Billion Annually | APMdigest - Application Performance Management
- Atomic Host 101 Lab Part 5: Containerized and Non-Containerized Applications - A Random Walk Down Tech Street
- Atomic Host 101 Lab Part 4: Package Layering, Experimental Features - A Random Walk Down Tech Street
- Atomic Host 101 Lab Part 3: Rebase, Upgrade, Rollback - A Random Walk Down Tech Street
- Atomic Host 101 Lab Part 2: Container Storage - A Random Walk Down Tech Street
- Atomic Host 101 Lab Part 1: Getting Familiar - A Random Walk Down Tech Street
- Atomic Host 101 Lab Part 0: Preparation - A Random Walk Down Tech Street
- Encrypting More: /boot Joins The Party - A Random Walk Down Tech Street
- qemu-img Backing Files: A Poor Man's Snapshot/Rollback - A Random Walk Down Tech Street
- TermRecord: Terminal Screencast in a Self-Contained HTML File - A Random Walk Down Tech Street
- Configuring PXE Network Boot Server on Ubuntu 18.04 LTS – Linux Hint
- ParamSpider - Mining Parameters From Dark Corners Of Web Archives
- Infosecurity.US - https://infosecurity.us - AppSecCali 2020 - Christian Folini's 'Practical OWASP CRS In High Security Settings'
- Lightning Talk: Purple is the new black: Modern Approaches to Application Security - Tanya Janca - YouTube
- Health Data Breach Trends: A Mid-Year Assessment
- More than half of Canadians admit to have been a victim of cybercriminals - Security Boulevard
- Conti Ransomware Deemed a Possible Successor of Ryuk
- Police Buy Hacked Data, to Fish for Evidence—Is That Even Legal? - Security Boulevard
- Accelerate CMMC Compliance with NIST and DFARS | PreVeil
- NBlog - the NoticeBored blog: NBlog July 11 - the small but perfectly formed ISMS
- OPSWAT Deep CDR now supports DICOM file format | OPSWAT
- 5 Ways to Upgrade Your Email Marketing Signature – Content Marketing
- The Secret Service Tried to Catch a Hacker With a Malware Booby-Trap
- As Offices Reopen, Hardware from Home Threatens ...
- Remote Security Operations Center Concerns | ARIACybersecurity - Security Boulevard
- Black Hat USA Debuts Cyber-Physical Systems ...
- Review of the Uputronics GPS/RTC Raspberry Pi Expansion Board - Articles
- ORDS 20.2 & the Database Management REST APIs, Updated – ThatJeffSmith
- Recursive WITH upgrade | Oracle Scratchpad
- Erman Arslan's Oracle Blog: Tips for Exadata POCs -- Exadata X8-2M , 19C Database Version, Oracle RAT and Data Masking
- OWASP Threat Dragon - Cross-Platform Threat Modeling Application
- Bad Governments on the Left and Right Meet in the Middle | Daniel Miessler
- Exploit known, F5 BIG-IP appliances urgently need patching | Born's Tech and Windows World
- What you need to know about Azure Reserved Instances, AHB and WVD
- Zoom & Teams not GDPR compliant useable | Born's Tech and Windows World
- 0patch for 0-day RCE vulnerability in Zoom for Windows | Born's Tech and Windows World
- Thunderbolt 4 introduced | Born's Tech and Windows World
- 6 Different Ways to List Disks in Linux Command Line
- 1. df
2. fdisk
3. lsblk
4. cfdisk
5. parted
6. sfdisk
- Comparing 3 Great Web Security Books · System Overlord
- Real-World Bug Hunting
Web Application Hacker’s Handbook
The Tangled Web
- Hugo: a static-site generator [LWN.net]
- A Hundred Days of Code, Day 003 - Methods | Janusworx
- A Hundred Days of Code, Day 002 - Basic Exercises | Janusworx
- A Hundred Days of Code, Day 001 - Beginning With Classes | Janusworx
- 12+ Free (or Low-Cost) Websites to Empower Your Programming Education | Codementor
- Virtualization Is Key to the Future of IT. Therefore ... What? | Articles
- JR East Redesigns All 78 of Their Central Tokyo Train Station Stamps | Spoon & Tamago
- step by step configure pxeboot server in Ubuntu | PXE network boot server - linuxtopic
- # Clonezilla pxelinux.cfg default entry
LABEL 2
MENU LABEL ^2) Clonezilla Live
KERNEL clonezilla/live/vmlinuz
APPEND ramdisk_size=32768 initrd=clonezilla/live/initrd.img boot=live union=overlay username=user config components noswap edd=on nomodeset noeject locales=en_US.UTF-8 keyboard-layouts=NONE net.ifnames=0 ocs_live_extra_param="" ocs_live_keymap="NONE" ocs_live_batch="yes" ocs_lang="en_US.UTF-8" vga=788 ip=frommedia nosplash fetch=tftp://172.17.199.199/clonezilla/live/filesystem.squashfs
- https://documents.westerndigital.com/content/dam/doc-library/en_us/assets/public/western-digital/collateral/tech-brief/tech-brief-western-digital-power-disable-pin.pdf
- 3.3v Pin Reset - Album on Imgur
- Update on Easy PXE boot testing post: minus PXELINUX - A Random Walk Down Tech Street
- TFTP Server Logs (or lack there of) · Chris Schuld
- tcpdump or bust.
tcpdump port 69 -v
- Can Employees Be Fired For Revealing Positive COVID-19 Cases At Their Workplaces? - FindLaw
- Save time at the command line with HTTPie instead of curl | Enable Sysadmin
- script-server (Web UI for scripts) | panticz.de
- How to convert an ISO to a Docker image - TechRepublic
- Right-to-repair advocates say hospitals need new rules to keep equipment working - The Verge
- IT careers: How to get a job as a DevOps professional | The Enterprisers Project
- Direnv - Manage Project-Specific Environment Variables in Linux
- Managing tasks with todo.txt and Taskwarrior [LWN.net]
- Ludicrously cheap HDMI capture for Linux
- Doc Searls Weblog · The Future of Now
- Windows Terminal: The Ultimate Guide
- How to Add Voice to Your PowerShell Scripts
- Phase 4 FAQ: Neutral Cost Recovery and Expensing
- #MoreOnionsPorfavor: Onionize your website and take back the internet | Tor Blog
- LasLabs Blog | PXE booting with Ubiquiti EdgeRouter - LasLabs Blog
- configure
edit service dhcp-server shared-network-name dlasley.net subnet 192.168.69.0/24
set bootfile-server 192.168.69.100
set subnet-parameters "filename "/pxe-boot/pxelinux.0";"
set bootfile-name /pxe-boot/pxelinux.0
commit
save
- The Simplest TS100 Upgrade Leads Down A Cable Testing Rabbit Hole | Hackaday
- TS100
- Cryptography Dispatches: DSA Is Past Its Prime
- Notorious - A New Keyboard-Driven Note Taking App for Linux
- Executing Ansible playbooks in your Amazon EC2 Image Builder pipeline : idk.dev
- I/O reporting from the Linux command line | Enable Sysadmin
- Laptop migration
- How To Optimize Ubuntu for Speed – Freedom Penguin
- Amazon tunes in OTA TV channels through Fire TV Cube | FierceVideo
- How to prepare for the SLES 15 Admin certification. - Blog dbi services
- The History of the Barcode – Running Your Business
- The 10 Best Scanning Tools for Linux System in 2020
- How to Decode Apple Version and Build Numbers - TidBITS
- How To Migrate Virtualbox VMs Into KVM VMs In Linux - OSTechNix
- Introducing OpenShift cost management: A human-readable view into cloud-native application costs
- Beyond simply providing a unified view of a deployment’s cost landscape, OpenShift cost management also enables:
Cost models for applying markup ratios to monitored infrastructure, helping to reflect the real costs of a production environment.
Tagging to map charges to projects and internal organizations, using an organization’s existing taxonomy.
- The myth of NoSQL (vs. RDBMS) "joins dont scale" - Blog dbi services
- Red Hat Insights: Your very own security consultant | Enable Sysadmin
- What RHEL security-related features does Red Hat Insights offer? Well, here is a short overview:
Advisor - detects existing security issues on RHEL systems and recommends solutions to remediate.
Compliance - analyzes the level of compliance a RHEL system environment has to an OpenSCAP policy.
Drift - compares RHEL hosts to each other to identify and further troubleshoot differences.
Patch - determines which product advisories may apply to an organization's specific RHEL instances.
Policies - enables organizations to define and monitor for specific internal policies.
Vulnerability - reports and remediates on CVEs that impact RHEL systems (in cloud or on-premises).
- Django Testing Toolbox · Matt Layman
- Testing Accidents – Mike Blumenkrantz – Super. Good. Code.
- New Oracle Machine Learning Features in 19c and 20c « Oralytics
- How to create HostPath persistent volume in Kubernetes - UX Techno
- COVID Diaries Pt. 5 | Greyhawk's Meanderings
- Covid Diaries Pt. 6 | Greyhawk's Meanderings
- Podcasts I’m Playing in 2020 | The Networking Nerd
- Understanding Virtual Environments in Python | Codementor
- Security 101: Encryption, Hashing, and Encoding · System Overlord
- A guide to Terraform for Kubernetes beginners | Opensource.com
- Q is for Quadraphonic (Shallow Thoughts)
- /usr/bin/hda-verb /dev/snd/hwC0D0 0x17 SET_CONNECT_SEL 1
- How to Use Jinja2 Template in Ansible Playbook
- j
- How to use wifi & enable hotspot at the same time - LinuxH2O
- A look at password security, Part I: history and background - The Mozilla Blog
- 20 Things to Know for Becoming a Successful Linux System Administrator
- Building, saving, and loading container images with Ansible | Enable Sysadmin
- GnuPG Frequently Asked Questions
- ssh whoami.filippo.io
- Stressing the network when it's already down
- How To Manage KVM Virtual Machines With Virt-Manager - OSTechNix
- Microsoft Launches Free Service To Spot Malware In Cloud VMs
- Do I Need Swap in Ubuntu? The Realistic Approach - Make Tech Easier
- Extra commas in a CSV
- Sandboxing in Linux with zero lines of code
- Manage KVM Virtual Machines Using Cockpit Web Console - OSTechNix
- All About CLAs and DCOs | ConsortiumInfo.org
- Contributor License Agreement (“CLA”)
Developer Certificate of Origin (“DCO”)
- More stupid Bash tricks: Variables, find, file descriptors, and remote operations | Enable Sysadmin
- Flask project setup: TDD, Docker, Postgres and more - Part 3 - The Digital Cat
- How to Secure and Harden OpenSSH Server
- Some PSAs for NUC owners | Armed and Dangerous
- Fraunhofer test: Huge security flaws in common home routers | Born's Tech and Windows World
- Welcome to the Digital Nomad Life
- How to workaround vCenter Update Planner Update installation failed during VCSA 7.0 update | TinkerTry IT @ Home
- 20 Years of ORACLE-BASE.com | The ORACLE-BASE Blog
- Meet CutiePi: A 100% Open Source And Ultra-Portable Raspberry Pi Tablet
- Oracle ACFS: "du" vs. "df" and "acfsutil info" - Blog dbi services
- Chris's Wiki :: blog/tech/TLSWhatIsSelfSignedCert
- Google records every search and YouTube playback | Born's Tech and Windows World
- Offline Domain Join using PowerShell and c# - LazyWinAdmin
- Keeping virtual Domain Controllers apart on trusted VMware vSphere hosts - The things that are better left unspoken
- Chris's Wiki :: blog/tech/TLSHowMultipleChains
- MedSeg: AI(Artificial Intelligence)-based Free Online Segmentation Tool for Radiological Images
- ThinkPad BIOS update on a stick!
- Create USB Multiboot GNU/Linux with GLIM
- The Complete Guide to ESXCLI Installation and VIB
- Security 101: Beginning with Kali Linux · System Overlord
- DogstarRadio.com Sirius Radio Satellite and Repeater Map
- Backup Awareness Month, Backblaze, And A Simple Question | PenguinPunk.net
- New Tech Vocabulary for 2020 Could Break Software Compatibility
- It may become interesting for closed-source blobs, if some companies pledge not to ship any software or firmware with any reference to slavery in the source code.
- DBA Appreciation Day | Late Night Oracle Blog
- A Complete Guide On Discord Text Formatting: Strikethrough, Bold & More
- List of data breaches and cyber attacks in June 2020 – 7 billion records breached - IT Governance UK Blog
- DDoS Attacks Increase Almost 300% in Just One Year, Study Shows
- On a year-over-year comparison with Q1 2019, there's a 278.17% increase. Compared to Q4 2019, that increase jumps to 542.46%. As for the attack size, the numbers don't get any higher. The biggest attack registered 176.29 Gbps, a 21.25% increase from Q1 2019, and the average sits at 1.385 Gbps, a 68.20% increase since Q1 2019.
DDoS attacks are becoming more sophisticated, and criminals no longer want just to cripple a website or an online service. They are deploying smaller attacks that might not trigger protections at the ISP level, but which are powerful enough for other purposes.
"The attacks are characterized in the size range of 1Gbps and 5Gbps which from our experience often last less than 15 mins and create less than 200 events per day," says the Nexusguard report.
- John the Ripper explained: An essential password cracker for your hacker toolkit | CSO Online
- How to Build Ansible Inventory in JSON Format – Linux Hint
- Tips and tricks for curl and wget | Enable Sysadmin
- 7 IoT Tips for Home Users
- Change Default Passwords
Think With Your Head
Inventory Your Assets
Segment the Home Network
Buy Products from Companies That Care about IoT Security
Patch and Update Frequently
Look for 5G SIMs
- Panzer General - A supreme classic revisited
- KITT-Lite - Python-Based Pentesting CLI Tool
- KITT-Lite
- PCI - A Checklist for Preparing for Your Organization's Next Audit
- OWASP Application Security Verification Standard
- Web App Developers Don’t Need to Be Security Experts to Use the OWASP ASVS | Pivot Point Security
- Your Phone Is Vulnerable Because of 2G, But it Doesn't Have to Be | Electronic Frontier Foundation
- Kube-Bench - Checks Whether Kubernetes Is Deployed According To Security Best Practices As Defined In The CIS Kubernetes Benchmark
- Kube-Bench
- HackerOne Reveals Top 10 Bug-Bounty Programs
- Data Breach Settlement Has an Unusual Provision
- Troy Hunt: Sustaining Performance Under Extreme Stress
- Consumer Audit Trail for Data Analysis & Risk Assessment | Identity Blog
- Catches of the month: Phishing scams for July 2020 - IT Governance UK Blog
- "Don't Believe Proven Liars": The Absolute Minimum Standard of Prudence in Merger Scrutiny | Electronic Frontier Foundation
- "There's a sucker born every minute" -Traditional (often misattributed to PT Barnum)
"Insanity is doing the same thing over and over again, but expecting different results." -Rita Mae Brown (often misattributed to Albert Einstein)
"Once is happenstance. Twice is coincidence. The third time it’s enemy action." -Ian Fleming
- Best Deception Protection for Active Directory | Fidelis Cybersecurity
- IIS-Raid - A Native Backdoor Module For Microsoft IIS (Internet Information Services)
- Chris's Wiki :: blog/solaris/ZFSHierarchyQuotaLack
- All My Stripes: The New Business Imperative of LGBTQ+ Inclusion - Security Boulevard
- “Don’t talk, just act. Don’t say, just show. Don’t promise, just prove.” -Hiroko Tsuchimoto
- It just works - Backup compression on TDE databases - Microsoft Tech Community - 1500316
- TLS certificates are a top security concern for businesses
- DSHR's Blog: Bill Shannon RIP
- Pci passthrough - Proxmox VE
- Ripple20 Threatens Increasingly Connected Medical ...
- What AppSec Can Learn From Developers’ Feature Bug Workflows
- SIFT Workstation Download
- Firefox 78 is out – with a mysteriously empty list of security fixes – Naked Security
- Innovation Tips and Priorities for Mid-sized Law Firms | DennisKennedy.Blog
- Stupid Bash tricks: History, reusing arguments, files and directories, functions, and more | Enable Sysadmin
- sudo systemctl status sshd
!!:s/status/start/
sudo systemctl start sshd
echo “HISTSIZE=5000” >> ~/.bashrc && source ~/.bashrc
unset HISTFILE && exit
kill -9 $$
pwd
ls some/very/long/path/to/some/directory
cd $_
pwd
- Deploying a static website with Ansible | Enable Sysadmin
- How to Create DNS Records in NameCheap - LinuxBabe
- Maze Ransomware operators hacked the Xerox CorporationSecurity Affairs
- Pandemic Shows Need for Digital Enterprise Strategy - Security Boulevard
- InfiniBand Software on Linux
- Microsoft releases emergency security updates to fix codecsSecurity Affairs
- Fix mellanox element required kernel modules and user space packages · 07e34f90e7 - diskimage-builder - OpenDev: Free Software Needs Free Tools
- dkms:
ibacm:
ibutils:
ibverbs-utils:
infiniband-diags:
libibcm:
libibcommon:
libibmad:
libibumad:
libibverbs:
libibverbs-runtime:
libmlx4:
libmlx4-dev:
libmlx5:
librdmacm:
librdmacm-dev:
librdmacm-runtime:
mstflint:
opensm:
pciutils:
perftest:
qperf:
rdma:
rpm-build:
srptools:
vlan:
- Flash OEM (IBM) Mellanox ConnectX-3 EN with stock firmware? | ServeTheHome Forums
- flint -d <device> query full > flint_query.txt
flint -d <device> hw query > flint_hwinfo.txt
flint -d <device> ri orig_firmware.bin
flint -d <device> dc orig_firmware.ini
flint -d <device> rrom orig_rom.bin
mlxburn -d <device> -vpd > orig_vpd.txt
- How WFH is Changing Endpoint Security - Hysolate
- Google Online Security Blog: System hardening in Android 11
- vSphere Releases 7.0b and 7.0bs - VMware vSphere Blog
- How to Upskill Your DevOps
- How to Upskill Your Team with Kubernetes - Security Boulevard
- How We Dealt With Our "Bathroom Issue" | Penniless Parenting
- Not All Vulnerabilities Are Created Alike: Focus on What Matters Most - Blog | Tenable®
- Docker Swarm Cheatsheet - buildVirtual
- Missing structure in technical discussions
- Understand Wi-Fi 4/5/6/6E (802.11 n/ac/ax)
- How to Install driver of Mellanox ConnetcX 3 10Gbps Network Adpater in Promxox-VE 5.x or Debian 9 - Steve Dong - A System Administrator's Blog
- UCSF paid a $1.14 Million ransom to decrypt files after Ransomware attackSecurity Affairs
- How to Build the Right Security Assessment - Security Boulevard
- Canadian Loans: A Comparison of 5 Lenders – Running Your Business
- Find Your Most Expensive Lines of Code – Amazon CodeGuru Is Now Generally Available | AWS News Blog
- Cloud Security for a Dynamic Environment – A Checklist | CSO Online
- Public Cloud Security
Shared Responsibility Model
Provider Integration
Private Cloud Security
Software-Defined Security
Application-Centric Security
Hybrid Cloud
Single-Pane Management
Segmentation
Secure Connectivity
- cloud-ranges/companies at master · pry0cc/cloud-ranges · GitHub
- How Cilium Protects Against Common Network Attacks — Cilium
- Sysadmin stories from the trenches: Funny user mistakes | Enable Sysadmin
- Tackling the Cybersecurity Challenges Within the Healthcare Industry | CSO Online
- Linux Cybersecurity: What You Need to Know - LinuxLinks
- Each operating system has its pros and cons:
Apple has excellent built-in system protection tools.
Linux has a safe sandboxing (program) design environment.
Windows has powerful built-in antivirus features.
- GoLang: Links to blog posts – working with Oracle Database « Oralytics
- How to Use Docker Inspect - buildVirtual
- Using Terraform to Deploy the VMware Nested ESXi Appliance · davidstamen.com
- SPDX Specification Becomes the Second ISO/IEC JTC 1 Submission From JDF - The Linux Foundation
- How to get a domain controller into a test failover – SAFELY! – Notes from MWhite
- Sysmon and Alternate Data Streams
- OPSWAT Expands OESIS Framework with Anti-Keylogger and Anti-Screen… | OPSWAT
- 7 Audacity Tips for Better Audio Editing on a Budget
- Continuous Integration (CI) Fundamentals - Wahl Network
- Using Terraform to Deploy the VMware Event Broker Appliance · davidstamen.com
- git clone https://github.com/dstamen/Terraform.git #Clone the Github Repository
cd Terraform/deploy-nested-esxi #Change to Runbook Directory
vi modules/deploy-nested-esxi/main.tf #Update the configuration file to provide your vCenter Server and Appliance Settings and then Save the file
terraform init #Initialize and install the provider if needed
terraform plan #Validate the run book will work
terraform apply #Deploy your VMs!
- How to Check Memory Usage Per Process on Linux – Linux Hint
- Chris's Wiki :: blog/python/DjangoAppAdaptations
- 6 ways HTTP/3 benefits security (and 7 serious concerns) | CSO Online
- The 25 greatest Java apps ever written
- My remotely proctored AWS Certified Solution Architect – Associate exam experience | Patrick Kremer
- The crucial role of Linux in DevSecOps | Oracle Linux Blog
- Minutephysics' 'The Astounding Physics Of N95 Masks' - Security Boulevard
- Dealing with user namespaces and SELinux on rootless containers | Enable Sysadmin
- CubicleNate
- The Major Components of an Embedded Linux System – The New Stack
- CISO MindMap 2020: Summary of Recommendations for Updating Security ProgramsRafeeq Rehman – Personal Blog
- 1. Improve SOC analyst productivity with SOAR
2. Reduction/consolidation of tools/technologies
3. Better protection monitoring of Cloud
4. Explore new architecture models like SASE
5. Consider zero trust and secure enclaves
6. Edge computing security
7. Include deception technologies as part of security tools
8. COVID19 and Work from Home
- OWASP Top 10 Overview
- 9 Types of Cyber Attacks Organizations Must Prepare For - Security Boulevard
- 1. Network intrusion
2. Ransomware
3. Insider threats
4. Brute force attacks
5. DDoS attacks
6. Data exfiltration
7. Malware
8. Compromised credentials
9. Policy violations
- How One College Professor Is Trying to Address the Cybersecurity Skills Gap - Security Boulevard
- As Layoffs Loom, Be Cognizant of Increased Insider Risk
- 4 Ways to Keep Company Data Secure During WFH - Security Boulevard
- Prioritize User Training and Security Policies
Provide Secure Network Access
Have a Zero-Trust Mindset
Zero trust means that organizations should never automatically trust anything or anyone, no matter if these entities are inside or outside the organization.
Keep Systems and Apps Updated Remotely
- The State of WFH Security 3 Months In - Security Boulevard
- Beyond Passing the Test: Lessons from My Infosec Certification Journey
- Setting Up an ISO 27001-Compliant Remote Work Process - Security Boulevard
- From a company’s perspective, some of the most common information security challenges are:
Reduced security on devices used remotely: While at the office, companies have complete control of devices, defining secure physical and electronic layers. In remote work, employees often make use of personal devices and public networks.
Loss of data on remote devices: Lack of proper options for data backup and recovery on remote devices can increase the damage from a data loss incident.
Breach of legal requirements: Outside of the company’s environment, it is more difficult to ensure employees’ compliance with laws (e.g., GDPR) and contract clauses related to data protection.
Low engagement of remote employees with security practices:
Less contact with remote employees can make them less likely to follow security practices.
- Hyperproof Releases New Features to Help Organizations Prepare for Compliance Audits | Hyperproof
- SOC Teams Care Too Much About Detecting Cyberthreats and Not Enough About MTTD - Security Boulevard
- Business Continuity: Planning for the Next Pandemic - Security Boulevard
- 80% of Drivers Don’t Remove Personal Information Before Selling Their Car - Security Boulevard
- OSINT Tip: How to Analyze Exif Data - Security Boulevard
- Software Development Life Cycle: Finding a Model That Works - Security Boulevard
- How to Pass the Test of “Reasonable Security” When It Comes to CCPA - Security Boulevard
- Top 7 must-have cybersecurity books
- Tribe of Hackers: Cyber Advice from the Best Hackers in the World by Marcus Carey (July 23, 2019)
The Ethics of Cybersecurity by Michele Loi (February 10, 2020)
Cybersecurity Essentials by Charles Brooks and Christopher Grow (October 30, 2018)
Cybersecurity – Attack and Defense Strategies by Yuri Diogenes (December 31, 2019)
The Secret to Cybersecurity: A Simple Plan to Protect Your Family and Business from Cybercrime by Scott Augenbaum (January 29, 2019)
Cyber Security for Beginners: Understanding Cybersecurity and Ways to Protect Yourself by Ken Douglas (April 24, 2020)
The Hacker Playbook 3: Practical Guide to Penetration Testing by Peter Kim (May 1, 2018)
- Fzf - A Quick Fuzzy File Search from Linux Terminal
- Police Data Leaked: A Sign of the Times? - HealthcareInfoSecurity
- OSS-Fuzz - Continuous Fuzzing Of Open Source Software
- Infosecurity.US - https://infosecurity.us - Using Similar Taxonomies To Understand Present And Future Security Challenges
- Cognizant admitted data breach in April Ransomware AttackSecurity Affairs
- An Oxymoron : Static Analysis of a Dynamic Language (Part 5)
- An Oxymoron : Static Analysis of a Dynamic Language (Part 4)
- An Oxymoron : Static Analysis of a Dynamic Language (Part 3)
- An Oxymoron : Static Analysis of a Dynamic Language (Part 2)
- An Oxymoron : Static Analysis of a Dynamic Language (Part 1)
- Thoughts on the state of enterprise open source - ShiftLeft Blog
- Data Driven Tests in JUnit 4 with Parameterized Tests - EvilTester.com
- Documenting with PowerShell: Documenting DHCP server settings - CyberDrain
- Department of Defense Officials Report on Cyber Risk-Based Decisions - Blog | Tenable®
- CVE-2020-11896, CVE-2020-11897, CVE-2020-11901: Ripple20 Zero-Day Vulnerabilities in Treck TCP/IP Libraries Disclosed
- Using Similar Taxonomies To Understand Present And Future Security Challenges - Security Boulevard
- Stop Pitting Privacy Against Public Health, And Start Innovating To Address Both - Security Boulevard
- Hacker Culture Reading List · System Overlord
- ‘BlueLeaks’: Group Releases 270GB of Sensitive Police Documents - VICE
- Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release
- Comparing Office Documents with WinMerge
- The Unintended Harms of Cybersecurity - Schneier on Security
- Scott’s Cyber Safety Primer – Scott Gruby's Blog
- How COVID-19 sparked a revolution in healthcare machine learning and AI
- The 10 Best Free Udemy Courses
- Chasing the Perfect Podcast Microphone Sound | Daniel Miessler
- linuxium.com.au: Demonstrating the usage of 'ISO' tools with a real-life example
- What Is a Custom Android Recovery? Getting Started With TWRP
- What the HEIC? Apple’s Highly Compressed Image Format Still Confuses - TidBITS
- 'Ripple20' Flaws in Medical Devices: The Risks
- Alerts: Vulnerabilities in 6 Medical Devices - HealthcareInfoSecurity
- Linked: Only 31% of Americans concerned with data security, despite 400% rise in cyberattacks
- 1. The company’s data security is the company’s problem, not the employee’s.
That’s not to say that employees don’t care, engaged employees do care if there’s a data breach at their company, and want the company to do well and stay safe overall. But, they haven’t really been given an incentive to care that much. One because many of your employees probably aren’t very engaged at all, and also because:
2. There are no consequences for getting it wrong.
How many times has a senior exec willfully routed around security protocols and faced zero consequences? How many times has someone you worked with fallen for a simple phishing email and had no real consequences? If I know that nothing is really going to happen to me if I am the security weak spot, or that the company isn’t really following it’s own guidelines, why should I spend a lot of time worrying about it? There’s plenty of other things to worry about and focus on. Which is exactly what I take away from this survey.
- Powershell – Hard Link AD Accounts To Existing Office 365 Users | geekdudes
- Replace or repair roof? Know when it's time. - The Silicon Underground
- A user story about user stories | Armed and Dangerous
- LKRG 0.8 Released For Increasing Linux Kernel Runtime Security - Phoronix
- Typical benefits package for employees - The Silicon Underground
- cause 46% of Americans don’t participate. That means 46
- Introduction to Linux-based document management systems | Enable Sysadmin
- Android 3.0 Honeycomb: The Android version we all forgot | Android Central
- Abusing Kerberos Using Impacket
- Track D 03 Stopping Cyberboom Mitiaging User error Ira Winkler - YouTube
- Spyse: All-In-One Cybersecurity Search Engine
- Linked: How The Pandemic Is Forever Changing The Employer-Employee Relationship. And Why That Matters.
- “The tools offices provide natively, the utilities and services and yes, perks, that make working both an effective and human experience, cannot be the sole province of your employees just because the office has moved to the home. Unequal access to dedicated workspaces and better technology will undoubtedly affect work performance. What happens when some of your employees are able to reduce their distractions with dedicated home offices, better tech, daycare, and cleaning services, while others simply can’t afford to do the same? What new costs do you expect employees to foot that didn’t exist prior to the pandemic? It’s time to start asking these hard questions because they are going to be critical from now on, and the companies that thrive will be those that take advantage of the money saved by leaving their office rentals to support their team members. “
- Are home warranty plans worth it? - The Silicon Underground
- What enterprises need to consider on the journey to digital transformation [Q&A]
- An Expanded PowerShell Scripting Inventory Tool • The Lonely Administrator
- Building a PowerShell Inventory • The Lonely Administrator
- Formatting PowerShell TimeSpans • The Lonely Administrator
- WWoIT - Wayne's World of IT: Finding where a user is logging on from
- WWoIT - Wayne's World of IT: Useful PowerShell command-lines #2
- WWoIT - Wayne's World of IT: More useful command-lines
- Apple Cider Vinegar + Dish Soap Fly Trap | Cool Tools
- Fruit flies can materialize in even the most spotless kitchens. Until recently, I had no idea that they could be dealt with in a safe, effective, and cheap manner using apple cider vinegar and dish soap.
By simply pouring apple cider vinegar into an open cup or bowl and adding a drop or two of dish detergent you can easily make an incredibly effective trap for ridding your kitchen of fruit flies. Place it near your fruit bowl or trash can and within a day you will have nipped the problem in the bud.
Apple cider vinegar works as an attractant because of its strong sweet odor while the dish detergent decreases the vinegar’s surface tension so that when a fly touches the surface it immediately sinks and drowns. It’s particularly satisfying to see the collection of flies you have dealt with at the bottom of the glass. This has to be one of the best house keeping tricks I have ever picked up.
- “Tips My Dad Says” 2020 Edition | Cool Tools
- It’s Never Too Early to Teach | Don Jones®
- Ditching X86, Apple Starts An ARM Race | Hackaday
- 20 Essential Photography Accessories for Beginners and Newbies
- 5 Simple Linux Tools For Enhanced Productivity - Tate Galbraith - Medium
- https://en.wikipedia.org/wiki/Single-responsibility_principle
while true; do cat file.txt; echo -e "\n\n$(date)\n\n"; sleep 1; done
openssl x509 -text -noout < cert.pem
openssl x509 -checkend 86400 -noout < cert.pem
cd <dir> && tar --exclude='.*' -czvf logs.tar.gz *.logs
dd if=/dev/urandom of=testfile bs=1024MB count=1
uname -a; echo -e "\n"; dpkg --list | grep linux-image
- Store Data With Models · Matt Layman
- How to stress test your Linux system | Network World
- The Law of Classified Information: A Primer - Lawfare
- BBP: You’ve Just Been Promoted... - The Ethical Hacker Network
- Using Static Analysis to improve your Java Coding - EvilTester.com
- Basic Differences Between JUnit 4 and Junit 5 - EvilTester.com
- All You Need to Know About DNS Spoofing to Keep Your Organization Safe
- Hubbard on Networking: Disable Weak SSH/SSL Ciphers in Cisco IOS
- Turn on MFA Before Crooks Do It For You — Krebs on Security
- NBlog - the NoticeBored blog: NBlog June 26 - things an ISO27k SoA doesn't say
- Balance access control and accountability controls & tune IAM to business
- Data Security in the SaaS Age: Thinking Small
- New Lucifer DDoS botnet targets Windows systems with multiple exploitsSecurity Affairs
- A daily average of 80,000 printers exposed online via IPPSecurity Affairs
- Generating JUnit HTML Reports - EvilTester.com
- Using Both JUnit 4 and Junit 5 - EvilTester.com
- How to fix Java Language Level Issues - EvilTester.com
- What is Software Testing? My working definition. - EvilTester.com
- SauceCon 2020 - Automating Tactically and Strategically - EvilTester.com
- Virtuoso Webinar - The Future of Testing - EvilTester.com
- So You Want to Learn ICS Security… – tisiphone.net
- The Basics of Web Application Security
- Learn how to build a MEAN stack application with this Angular tutorial | Angular Templates
- The Industrial Ethernet Book | Knowledge | Technical Articles | Cyber security model for manufacturing
- Red Hat CEO: We Have A ‘Head Start’ Over VMware, Competitors In Kubernetes
- Announcing SQL Developer, SQL Developer Data Modeler, & SQLcl versions 20.2 – ThatJeffSmith
- Average Cost of a Data Breach: $116M
- Automatically detecting Ransomware infections for free – Virtually Sober
- My venture in hacking a fake vintage radio – Huan Truong's Pensieve
- Calculating your Azure Log Analytics bill when you stream your Azure AD logs to it - The things that are better left unspoken
- On UNIX Shells | Brian Reiter's Thoughtful Code
- Windows 10: Juni 2020 Updates causes BSOD in lsass.exe | Born's Tech and Windows World
- Exploiting Technology Inflection Points - Architecting IT
- Maybe the vendor doesn’t keep up with innovations around new technology, consumption models or automation. Perhaps the vendor decides to revamp a product line that means a change to another vendor is no different from adopting the new strategic platform. Either way, a stagnant or confusing portfolio offers the chance to gain benefits from making a change.
- How to Send Emails Using Amazon Simple Email Service (SES)
- What's new in vSphere 7?Electric Monk | Electric Monk
- Attaching your own CentOS 7 yum repository to AWS SSM - Blog dbi services
- Oracle Cloud basics for beginners - Blog dbi services
- Upgrade Webinars 1 and 2 - A quick recap, slides download and more
- Bad Quality Intel Chips Motivated Apple To Choose ARM, Says Ex-Intel Engineer
- “It was abnormally bad. We were getting way too much citing for little things inside Skylake. Basically our buddies at Apple became the number one filer of problems in the architecture. And that went really, really bad.”
- Customize your Linux terminal with your favorite logo | Opensource.com
- 10 Best Linux Apps You Must Have For Everyday Use [2020 Edition]
- 1. Liferea — Feed Reader
2. Fragments — A BitTorrent Client
3. GNOME Boxes — Virtual Machine Solution
4. Krita — A Digital Painting App
5. Podcasts — GNOME Podcast Client
6. Calibre — E-book Manager
7. VSCode — Free Code Editor
8. Stacer — Linux System Optimizer
9. KTouch —Typing Tutor
10. Déjà Dup — A Backup Tool
- Break Out of Your Career Rut | People Centre
- Raspberry Pi High Quality Camera powers up homemade microscope - Raspberry Pi
- REvil ransomware gang scans healthcare victim's network for PoS systemsSecurity Affairs
- Gungjung Tteokbokki with Tofu Recipe, Korean Royal Court Rice Cake Stir Fry, Gluten Free, Vegan | Penniless Parenting
- Microsoft Defender ATP Now Available For Ubuntu And Other Linux Distros
- The ineffective CISO – Open Source Security
- What enterprise developers need to know about security and compliance - Red Hat Developer
- GitHub - r-darwish/topgrade: Upgrade everything
- Are 14 people really looking at that product? - Dev Genius - Medium
- It’s Time to Start Learning Coding: Top 20+ Best Websites To Learn Programming in 2020 | Codementor
- A look at the ESP8266 for IoT [LWN.net]
- 5 modern alternatives to essential Linux command-line tools | Opensource.com
- ncdu
htop
tldr
jq
fd
- Getting Started with GIMP
- How to assess user activity in Linux | Network World
- Automated MythTV-related maintenance tasks
- GitHub - 1N3/Sn1per: Automated pentest framework for offensive security experts
- Linux Ransomware - Notorious Cases and Ways to Protect - Hacked
- Setting up a home NAS system: Sysadmin After Dark | Enable Sysadmin
- Windows 10 May 2020 Performance For WSL vs. WSL2 - Phoronix
- TASMOTA Now Supports ESP32 Targets including some Ethernet and Camera Boards
- COVID-19 May Have Just Saved US Healthcare ~ Cyber Thoughts
- The latest headless CMS, a new Firefox release, huge leaps in open source audio engineering, and more open source news | Opensource.com
- Healthcare CISOs Share COVID-19 Response Stories
- Meet the Groundswell of Open Source COVID-19 Efforts
- Testing Intel FSGSBASE Patches For Helping Elevate Linux Performance - Phoronix
- FSGSBASE
- Planned vs. Perceived Obsolescence — My Money Blog
- How to Disable Dock on Ubuntu 20.04 [The Easy Way]
- gnome-extensions enable ubuntu-dock@ubuntu.com
gnome-extensions disable ubuntu-dock@ubuntu.com
- Core Modernization Leads the way to Business Success
- Adding Observability To Your Python Applications With OpenTelemetry - The Python Podcast
- Red Hat Enterprise Linux 8.2 brings faster Python 3.8 run speeds - Red Hat Developer
- Use Azure, they said. It will be fun, they said. | a Linux Rat in the Lab
- LinuxCheck: Linux information gathering tool | Andrea Fortuna
- Doc Searls Weblog · So far, privacy isn’t a debate
- 6 Best Netflix Chrome Extension To Make The Most Out Of Netflix In 2020
- How to Download and Install RHEL 8 for Free
- Gestalt IT Podcast - Orchestration is the reason enterprises haven’t adopted containers. - CormacHogan.com
- Configurig the postfix MTA to securely forward to a smarthost on macOS | Brian Reiter's Thoughtful Code
- The 10 Best Linux Hardware and System Info Tools in 2020
- CPU-X
I-NEX
Hardinfo
KDE HAL Device Manager
lshw-gtk
Sysinfo
Neofetch
HWinfo
CPU-G
KInfoCenter
- Top 6 Free and Open Source Video Conferencing Solutions for Education
- Fraidycat - organize your content - LinuxLinks
- Securing a Containerized Django Application with Let's Encrypt | TestDriven.io
- vtop - A Linux Process and Memory Activity Monitoring Tool
- Top 10 SQL Developer Tips for 2020 – ThatJeffSmith
- Toward Applied Andragogy in Cyber Security Education | Chris Sanders
- Andragogy
- June 28 Is Insurance Awareness Day – Running Your Business
- How to install NextCloud 19 on Ubuntu 18.04/19.04/19.10/20.04 – Marksei
- AWS Solutions Constructs – A Library of Architecture Patterns for the AWS CDK | AWS News Blog
- Updating the vCenter Server Appliance (VCSA) with PowerCLI - Revisited · davidstamen.com
- VMware vSphere 7.0 Hands On Lab are available now | ESX Virtualization
- Building a Disruption-Free Enterprise IT | APMdigest - Application Performance Management
- Fixes for Some Vagrant Issues on Fedora - Scott's Weblog - The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking
- Code Only Says What it Does - Marc's Blog
- Fundamentally, debugging is an exercise in changing what a program does to match what it should do.
- Terraform Apply - The Associate Certification Exam - Wahl Network
- Educational Radio, Educates | Hackaday
- How to Talk with Your Parents About Their Finances
- OctoPrint: a baby monitor for your 3D printer - Raspberry Pi
- 'Hampton' No More: Man Sheds Family Name With Ties To Confederate General : Live Updates: Protests For Racial Justice : NPR
- Original Juneteenth Order Turns Up At U.S. National Archives : Live Updates: Protests For Racial Justice : NPR
- The 15 Best True Story Podcasts for Real Crazy Stories
- https://www.constantpodcast.com/
https://gimletmedia.com/show/heavyweight/
https://wondery.com/shows/this-is-actually-happening/
https://www.ttfa.org/
https://www.revolutionspodcast.com/
https://www.futilitycloset.com/podcast/
https://genwhypod.com/
https://www.bbc.co.uk/programmes/p02s5rx7/episodes/downloads
https://www.npr.org/podcasts/469516571/modern-love
http://outsideinradio.org/
https://thisislovepodcast.com/
http://www.thesecretroompodcast.com/
https://headgum.com/dead-eyes
https://www.thisamericanlife.org/
https://getmortified.com/podcast/
- High Performance Cheap Windows VPS Hosting with Pure SSD Storage
- Checking Out Raspberry Pi OS 64-Bit on Raspberry Pi 4 8GB RAM
- Build AWS images with Image Builder :: Major Hayden 🤠 — Words of wisdom from a social nerd
- Configuring Autologon during OSD using Autologon.exe – CCMEXEC.COM – Enterprise Mobility
- About PowerShell update notifications | >_
- Remove and Reinstall Microsoft WSUS | PeteNetLive
- Agile DevOps Needs Cloud Optimization | APMdigest - Application Performance Management
- Automating dotnet core SDK updates on Mac | Brian Reiter's Thoughtful Code
- Chris's Wiki :: blog/programming/ProductAndUtilityCode
- OpenVPN Server on Centos7 with Active Directory authentication. – Nerd Drivel
- AppDynamics Receives FedRAMP Authorization | APMdigest - Application Performance Management
- EVPN: The Great Unifying Theory of VPN Control Planes? « ipSpace.net blog
- How to Enable HTTP/2 in Apache on Ubuntu
- Linux tools for improving your time management | Opensource.com
- Mastodon Fun - Sharing Free Software and Ubuntu Touch Together
- VMware Cloud on AWS: A Cost-Effective Platform for Disaster Recovery – Ather Beg's Useful Thoughts
- Upgrading to WSL2 | Fun with virtualization
- Virtualization The Future: VMware Learning Zone Premium Package 6 Month Promotion
- E0B9142C-1325-4D6F-AC64-E7AC775BC2B2.jpeg (600×1136)
- Starting Your Network Automation Journey · Daniel Teycheney
- Adobe Flash Player dies this year and you'll be told to uninstall it
- David Byrne | Radio
- PXE Boot different OS images | Adam Young’s Web Log
- Pi Zero HoneyPot
- Adobe Flash: End-of-Live date again announced | Born's Tech and Windows World
- Ubiquiti UniFi US-8 Gigabit Switch - The Tech Journal
- Managing Deployment Secrets with Azure Key Vault - Cloud for the win!
- Terence Luk: Configuring an Azure Traffic manager to load balance a Windows Server AD FS WAP and Citrix NetScaler AD FS WAP
- 5 Carpentry HACKS with a DECK of CARDS
- Automatic keyboard switch tester – Dangerous Prototypes
- What Is an Electric Vehicle and How Does It Work?
- Oracle Linux 8.2 Released with UEK6, Latest Toolset
- What’s New in Oracle Linux 8.2
Linux Kernel 5.4
GNOME Desktop Environment 3.32+
Unbreakable Enterprise Kernel Release 6 (UEK6)
Red Hat Compatible Kernel (RHCK)
Secure Boot available by default
Clang toolset updated to version 9.0.0
Rust toolset updated to version 1.39
Go toolset updated to 1.13.4
GCC Toolset 9
GCC version updated to 9.2.1
GDB version updated to 8.3
MySQL 8.0
Python 3.8
Nested Virtual Machines (VM) capability added; this enhancement enables an Oracle Linux 7 or Oracle Linux 8 VM that is running on an Oracle Linux 8 physical host to perform as a hypervisor, and host its own VMs.
virt-manager application deprecated; Oracle recommends using the Cockpit web console to manage virtualization in a GUI.
- GitHub - jkutianski/qmk_compaq_mx-11800: Compaq MX-11800 QMK implementation
- Ask Hackaday: Are 80 Characters Per Line Still Reasonable In 2020? | Hackaday
- School’s In Session With HackadayU | Hackaday
- The Ups And Downs Of The Server Cycle - IT Jungle
- When Did Apple Become Popular? A Brief History of the Rise of Apple
- Copy And Paste Deemed Insecure | Hackaday
- Turns out most of the things you want to do with your computer are the very things that are a security risk.
- Great lessons from great men
- What 80,000 Hours learned by interviewing people we respect 'anonymously' - 80,000 Hours
- 8 Lessons from 20 Years of Hype Cycles
- Lesson 1. We're terrible at making predictions. Especially about the future.
Lesson 2. An alarming number of technology trends are flashes in the pan.
Lesson 3. Lots of technologies just die. Period.
Lesson 4: The technical insight is often correct, but the implementation isn't there
Lesson 5: We've been working on a few core technical problems for decades
Lesson 6: Some technologies keep receding into the future
Lesson 7: Lots of technologies make progress when no-one is looking
Lesson 8: Many major technologies flew under the Hype Cycle radar
- Become a Vulnerability Management Guru in 10 Days - Security Boulevard
- Breaking Down CIS Controls
- An Obsession with Retro Japanese Rounded-Corner Windows | Spoon & Tamago
- How to Manage Your Tasks in the Terminal with Taskbook
- How to Enable HTTP/2.0 in Nginx
- 5 Lessons Learned From Patching During a Pandemic - Security Boulevard
- Digital Transformation Moves Application Security to the Top CISO/CSO Priority - Security Boulevard
- Winning at Vulnerability Management: 8 Best Practices - Security Boulevard
- 1. Scan hosts more frequently than networks: Network-based scanners add significant overhead as they scan through network services. They also require attention such as configuring settings, opening firewall ports and so on. Host-based scans, on the other hand, do not traverse the network; they eliminate network overhead and allow more continuous scanning.
2. Scan images rather than instances: In modern cloud-native applications, most of the server instances are installed from one image. Testing the image for vulnerabilities instead of scanning the instances is yet another way that organizations can achieve continuous detection without straining network resources.
3. Augment active scanning with “scanless” non-disruptive methods: Use data from existing DevOps, security and IT repositories such as patch/asset management systems to conduct scanless, rule-based profiling of potential vulnerabilities across all network nodes. When these non-disruptive, scanless results are consolidated with the results of periodic active scanning, the organization can achieve virtually real-time visibility into vulnerabilities without impacting performance. This approach can be implemented using open source tools such as osquery and QRadar.
4. Use multiple factors and context-based risk assessment to prioritize remediation: A variety of external and internal sources should be correlated to better understand the severity of a specific vulnerability within the organization’s unique environment. Examples of external sources would be the CVSS score as well as threat intelligence repositories. Internal sources would be the organization’s asset management and change management systems to understand the business criticality and security posture of the assets threatened by the vulnerability.
5. Maintain a single source of truth for all relevant teams: Enterprises typically have multiple teams working on vulnerability remediation. For example, the security team is charged with the responsibility for vulnerability detection, but it is the IT or DevOps team that is expected to remediate. Effective collaboration is essential to create a closed detection-remediation loop. Each team usually has specialized stacks of databases, processes and tools that can and should be tightly integrated into a centralized vulnerability management platform with the capacity to orchestrate remediation, so that they share a single source of truth. This best practice can be implemented in-house or it can be achieved through third-party solutions.
6. It’s not all about patching: Vulnerability remediation must take shape in a reality where patches are not the only solution. Other remediation approaches include configuration management and compensating controls, such as shutting down a process, session or module. The optimal remediation method—or combination of methods—will differ from vulnerability to vulnerability. To achieve this best practice, it is important to maintain a knowledge base of how to match the best remediation solution to a vulnerability, based on the organization’s cumulative vulnerability management experience. It is also possible to take advantage of third-party knowledge bases that rely on very large data sets.
7. Use remediation playbooks: To match the scalability and velocity of today’s threat environment, vulnerability remediation must be as automated as possible. One highly effective way to achieve such automation is to create predefined playbooks that are tailored to the organization’s environment. Here’s an example of a simple playbook scenario:
8. Use vulnerability management metrics that improve and fine-tune detection, prioritization and remediation processes: Purely quantitative metrics such as a vulnerability count, average CVSS scores of detected vulnerabilities, number of scans run or vendor-based criticality do not provide meaningful insight into the effectiveness of your vulnerability management efforts. As discussed in more detail in this blog on vulnerability metrics, the more meaningful metrics are qualitative—such as coverage, vulnerability dwell time, the average number of vulnerabilities per asset over time and to what extent SLAs are being met. Make it a cross-enterprise objective to improve the vulnerability remediation metrics that have a real impact on your organization’s KPIs.
- How to Secure CI/CD services | Orca Security - Security Boulevard
- How to sell open source software | Opensource.com
- Odroid-H2+ advances to faster Gemini Lake SoC, adds dual 2.5GbE ports
- Odroid-H2+
- Java's 25th birthday prompts a look at which tech products have survived since 1995 - TechRepublic
- Home Assistant, the Python IoT Hub [LWN.net]
- Chris's Wiki :: blog/linux/FedoraRemovingMustBeOptIn
- Yes, you read that correctly: Win7 machines don’t get free security patches, but they do get a free copy of Chredge @ AskWoody
- Chredged
- Chris's Wiki :: blog/sysadmin/DNSUpdatesAndSecondaries
- Adobe will tell you to uninstall Flash by the end of 2020 | Engadget
- Install Docker on Ubuntu using Script | DEVOPS MY WAY
- Introducing AWS Snowcone – A Small, Lightweight, Rugged, Secure Edge Computing, Edge Storage, and Data Transfer Device | AWS News Blog
- Windows 10: Update plans explained | Born's Tech and Windows World
- Redirecting URLs with mod_rewrite | Fat of the LAN
- Deleting old log files | Fat of the LAN
- find /path/to/logs/ -mtime +90 | xargs rm -rf
- Esxtop: Uses and Performance Troubleshooting
- VMware Snapshots: Patching vCenter
- Building a Elasticsearch cluster using Docker-Compose and Traefik | Marco Franssen
- Working with Celery and Django Database Transactions | TestDriven.io
- Moving to cloud-based SIEM: the cost advantage - Microsoft Security
- What's Anonymous Up to Now?
- Akamai Discloses Details of Massive DDoS Attack - Security Boulevard
- AWS mitigated largest DDoS attack ever of 2.3 TbpsSecurity Affairs
- Storage Trends – etbe – Russell Coker
- How to virtually lead engaging technical presentations – IBM Developer
- Time to upgrade your monitor @ tonsky.me
- Fat of the LAN | Living off the fat of the lan
- UniFi RADIUS with a certificate - anyone doing this successfully? | Ubiquiti Community
- 802.1x authentication with Unifi controller and Ubiquiti access points - rieskaniemi.com
- Top 6 security best practices for agile development environments
- 1. Utilize the hacker in that developer
2. Always consider the “evil” user interacting with the system
3. Uphold continuous integration practices, tools and platforms
4. Review user stories with every iteration and adapt as necessary
5. Innovate with security
6. Cultivate the culture of security
- CMMC compliance only for employees handling CUI - PreVeil
- The 4 Most Important Components of Security Posture (Part 2 - People)
- The 4 Most Important Components of Security Posture (Part 1 - Asset Inventory)
- 1. Inventory
2. People/Users
3. Security controls
4. Network configuration and segmentation
- How to Picture Your Enterprise Security Posture - Security Boulevard
- Install An SSL Cert For Ansible Tower Using LetsEncrypt | Greg Sowell Consulting
- Oracle Long Term Support vs Innovation Releases
- Healthcare Exchange Standards: Web API security as foundation for #FHIR
- When Security Takes a Backseat to Productivity — Krebs on Security
- Leveraging ISO 27001 for CMMC Requirements | Pivot Point Security
- The Real Robotic Revolution - VICE
- Static Application Security Testing: SAST Basics - Security Boulevard
- 8 Best Books to Learn and Master Linux [For All Levels]
- S3 Bucket Audit Report using AWS PowerShell Script – Secure your S3 Buckets – Techno Chat|Tech Blog!!
- Discover & Attack Raspberry Pi’s on a Network – ls /blog
- How to Install Ralph Asset Management System on Ubuntu 20.04
- Explicit content and cyberthreats: 2019 report | Securelist
- Weekly Tech Roundup #10 | Andrea Fortuna
- “The Internet is a telephone system that’s gotten uppity.” – Clifford Stoll
- Stay ahead of multi-cloud attacks with Azure Security Center - Microsoft Security
- Ransomware from Your Lawyer's Perspective
- 1. What happens in the first few hours after discovering ransomware is mission critical to my legal analysis.
2. Do we negotiate with the cyber terrorists?
3. Be ready to work with law enforcement and to know whom to engage.
- Roman Dodecahedrons Part II | Tinkerings
- Roman Dodecahedrons Part I | Tinkerings
- Computers as I used to love them @ tonsky.me
- ci-templates - templates for Gitlab CI pipelines — ci-templates documentation
- Who-T: It's templates all the way down - part 2
- Whitelisting explained: How it works and where it fits in a security program | CSO Online
- Legal Documents You Should Prepare Now for COVID-19 - FindLaw
- If that's true, what are the documents you should prepare now? Here's a list.
An advance health care directive: This form allows you to identify someone who will speak for you if you become too sick to communicate or physically incapacitated. It also allows you to indicate your preferences on life-prolonging procedures. A health care proxy also allows you to name someone to make medical decisions for you.
A living will: This document can also address your preferences on life-prolong procedures, as well as other preferences.
HIPAA releases: These are documents where you name a person to communicate with medical providers about your private medical records.
A power of attorney: With this document, you name someone to make financial and legal decisions on your behalf when you can't do so.
A will: This document instructs survivors how your assets will be divided up after your death. It also allows you to designate guardians for your minor children.
It's always best to prepare, especially now.
There's an old Chinese proverb that says, "The best time to plant a tree was 20 years ago. The second best time is now."
It's not too late to plant the tree.
- Abuse of HTTPS on Nearly Three-Fourths of all Phishing Sites - Security Boulevard
- T-Mobile Outage Causes Unfounded Panic About a DDoS Attack That Didn’t Happen - VICE
- Exploiting a crisis: How cybercriminals behaved during the outbreak - Microsoft Security
- Ancient History Of The Phone Jack | Hackaday
- Join The Movement With This Mini Cyberdeck | Hackaday
- Fetch COVID-19 US state data and upload to site as JSON in Python 3. - Dark Artistry
- Too old for protests so I brought them to me. - Dark Artistry
- GitHub - evilsocket/opensnitch: OpenSnitch is a GNU/Linux port of the Little Snitch application firewall
- Solving the PowerShell Object Age Challenge - Part 2 • The Lonely Administrator
- Solving the PowerShell Object Age Challenge - Part 1 • The Lonely Administrator
- Why does reseating RAM work? - The Silicon Underground
- House money pit solutions - The Silicon Underground
- In Defense of Working One More Year (OMY) — My Money Blog
- T-Mobile outage cuts off users across the US | Engadget
- Hertz Used Rental Cars: Good or Bad Idea? Big List of Pros and Cons — My Money Blog
- Improving Linux container security with seccomp | Enable Sysadmin
- ‘Anonymous’ takes down Atlanta Police Dept. site after police shooting – Naked Security
- Latest Intel CrossTalk Vulnerability Now Patched in Debian GNU/Linux, CentOS and RHEL - 9to5Linux
- [Howto] My own mail & groupware server, part 3: Git server – /home/liquidat
- Data Security in the SaaS Age: Focus on What You Control
- 1. Create: This is probably better called Create/Update because it applies to creating or changing a data/content element, not just a document or database. Creation is generating new digital content or altering/updating of existing content.
2. Store: Storing is the act committing digital data to some sort of storage repository, and typically occurs nearly simultaneously with creation.
3. Use: Data is viewed, processed, or otherwise used in some sort of activity.
4. Share: Exchange of data between users, customers, or partners.
5. Archive: Data leaves active use and enters long-term storage.
6. Destroy: Permanent destruction of data using physical or digital means such as crypto-shredding.
- The Bright Side of the Dark Web - Dark Reading
- High-Level vs. Low-Level Programming Languages, Explained
- 15 Essential Tips for Ubuntu Linux Power Users
- 7 Useful PowerPoint Templates for More Efficient Meetings
- How to Fix Your Microphone Problems in Windows 10
- 5 Common Internet of Things (IoT) Security Issues and Fixes
- 1. IoT Home Hub Devices Record Everything
2. They Can Be Hacked From the Outside
3. Devices Don’t Use Encryption
4. IoT Devices Aren’t Properly Updated
5. Devices Use Default Factory Passwords
- 10-minute home cardio workout - NHS
- 22 Essential iPhone Keyboard Tips and Tricks
- Erman Arslan's Oracle Blog: ODA -- "Patch your ODA with ODA Patch Bundle" - Stay away from PSUs, CPUs and/or other patches
- Axiom - A Dynamic Infrastructure Toolkit For Red Teamers And Bug Bounty Hunters!
- Examining the US Cyber Budget - Schneier on Security
- GNU Health Embedded Open Source Health Platform Works on Raspberry Pi 3/4, and soon Olimex SBC's
- Ethical Hacking Basic Concepts – Linux Hint
- A Beginner’s Guide To Lithium Rechargeable Batteries | Hackaday
- Lessons In Li-Ion Safety | Hackaday
- Quantum Computing And The End Of Encryption | Hackaday
- Vernier Calipers And Micrometer Screw Gauges, Measuring Without Compromise | Hackaday
- Burning Chrome | Hackaday
- Homebrew Coil Winder Makes Toroids A Snap To Wind | Hackaday
- Modernizing Passwordless Authentication: What Enterprises Can Learn From the U.S. Government - Security Boulevard
- Lesson 1: Usability Is a Must
Lesson 2: Secure Accordingly
Lesson 3: No Legacy Left Behind
- Cyberattack Fears Haunt State Employees More Than Natural Disasters and Terrorist Attacks - Security Boulevard
- Solder To Aluminum | Hackaday
- Windows 10 Version 2004: Deprecated/removed features | Born's Tech and Windows World
- Some Virtualization Papers Worth Reading - Marc's Blog
- Binary Math Tricks: Shifting To Divide By Ten Ain’t Easy | Hackaday
- Ubuntu 20 vs Sonos: SMBv1 | Nelson's log
- PowerShell to Rename Datastores - Notes of a scripter
- $datastoreNames = get-datastore datastore1*
foreach ($Datastore in $datastoreNames){
write-host $Datastore.name "- " -NoNewline
$VMhostFQDN = (get-vmhost -id $(get-datastore $datastore).ExtensionData.host.key).name
$VMhostname = $VMhostFQDN.Split(".")[0]
$datastorenewname = $VMhostname + "-localstorage"
Get-datastore -name $datastore | Set-datastore -Name $datastorenewname
}
- How CERN Made High Quality Electronics In The 1970s | Hackaday
- Protecting virtual Domain Controllers on vSphere with Virtualization-based Security - The things that are better left unspoken
- My Windows Terminal Color Schemes - Thomas Maurer
- DSHR's Blog: Informational Capitalism
- ESP32 Becomes Music Player In Under 40 Lines Of Code | Hackaday
- Threat Modeling Application Released By OWASP: Threat Dragon 1.0 - Security Boulevard
- RS-232 and RS-485 - Security Boulevard
- Security of Health Information - Security Boulevard
- The Easy Way to HIPAA Compliant Password Security – LogonBox Journal
- Step by Step Azure NAT Gateway – Static Outbound Public IP address #ANG #NAT #WVD #Azure #Security #Cloud #MVPBuzz #AzOps #ITPRO #VirtualNetworks #PowerShell | Robert Smit MVP Blog
- The top 5 states for cybersecurity jobs - Security Boulevard
- Consider these numbers:
In the United States alone, there’s an estimated cybersecurity workforce shortage of nearly half million workers (source)
The ratio of supply to demand (meaning the number of workers to the number of openings) is 1.9 for the industry, compared to 4.9 national average for all jobs (source)
The cybersecurity specialist occupation is growing at an annual compound rate of 30 percent (source)
The U.S. Bureau of Labor Statistics (BLS) projects a 32 percent growth in the employment for information security analysts between 2018 and 2028
While the demand is strong across the country, some states rise to the top based on criteria such as the number of openings and salary. Let’s take a look at some of the best states for cybersecurity jobs. (Note: Except for Virginia, these are not listed in any particular order of ranking).
- Concretedog: £12 HDMI-USB Video capture card on Ubuntu (cheap portable Rpi Monitor!)
- How to Cyber Security: Software is manufacturing - Security Boulevard
- Legacy vulnerabilities: How to find and remediate them | Synopsys
- Top 5 Open Source Serverless Security Tools - Security Boulevard
- Snyk
Docker-Lambda
Protego
Lumigo CLI
AWS Serverless Developer Tools
- Dependency Management: 3 Tips to Keep You Sane - Security Boulevard
- #1 Prioritize. Some dependencies are more important than others, so it is important to be able to prioritize them, particularly when it comes to vulnerabilities. You need to understand exactly which open source vulnerabilities are being accessed by your code and which vulnerabilities aren’t so that you can update your most critical dependencies first.
#2 Automate. Maintaining your dependencies can be extremely time sensitive when it comes to vulnerabilities and bug fixes. You can save time and reduce your exposure by automating dependency updates in your software projects and have your dependencies updated when new versions are released.
#3 Establish policies. Establishing a clear policy up front about open source usage and dependency management helps prevent headaches later in development when it is more costly to resolve them. Your policies act as a playbook by telling your development and security teams how to handle these threats in your open source components. Without policies to give clear guidance, managing dependencies efficiently tends to be extremely hard if not close to impossible.
- My Top Five Cyber Security Books - Signal Sciences
- The Evolution of AppSec: Past, Present, and Future - Security Boulevard
- Uncommon Sense Security 2020-03-17 16:46:00 - Security Boulevard
- Cleaning up Splunks .CSV export - Security Boulevard
- The Top 22 Time Saving Tools for IT Admins - JumpCloud
- Two-Thirds of Healthcare Organizations Have Suffered a Security Incident - Security Boulevard
- Web Application Security at Every Stage of the SDLC - Security Boulevard
- Apache Struts research, Part 2: Execution environments | Synopsys
- Apache Struts research, Part 1: Building 115 versions of Struts | Synopsys
- Road to Detection: YARA-L Examples — Part 4 of 3 - Anton on Security - Medium
- Chronicle Road to Detection: YARA-L Language — Part 3 of 3
- Chronicle Road to Detection: Approach — Part 2 of 3
- Chronicle Road to Detection: Context — Part 1 of 3 - Anton on Security - Medium
- Bluetooth security in Windows 10 - Security Boulevard
- Kids' Cybersecurity Activity Book to the Rescue
- IT and Cyber Security Challenges in Healthcare Industry - Security Boulevard
- Current CMMC Milestones For 2020
- How To Reduce Your Attack Surface with System Hardening
- Healthcare Is 20 Years Behind Banks on Cybersecurity in Canada, Experts Say - Security Boulevard
- 5 Best Practices for TLS Certificate Management | Keyfactor - Security Boulevard
- 01 | Know the importance of TLS certificates
02 | Centralize inventory of TLS certificates
03 | Define ownership and policies
04 | Focus on detection and prevention
05 | Adopt automation and self-service
- CCPA enforcement begins in July – and this time it’s for real - Security Boulevard
- Cyber Security Roundup for June 2020 - Security Boulevard
- 86% of data breaches for financial gain – up from 71% in 2019
43% web application (cloud-based) – these attacks have doubled, reflecting the growth in the use of cloud-based services.
67% of data breaches resulted from credential theft, human error or social attacks.
Clearly identified cyber-breach pathways enable a “Defender Advantage” in the fight against cyber-crime
On-going patching successful – fewer than 1 in 20 breaches exploit vulnerabilities
The vast majority of breaches continue to be caused by external actors.
70% with organised crime accounting for 55% of these.
Credential theft and social attacks such as phishing and business email compromises cause the majority of breaches (over 67%), specifically:
37% of credential theft breaches used stolen or weak credentials,
25% involved phishing
Human error accounted for 22%
- What is Boolean? - Security Boulevard
- Eliminate AppSec Sprawl - Security Boulevard
- The Lean, Mean Vulnerability Management Machine - Security Boulevard
- https://www.hsgac.senate.gov/imo/media/doc/Testimony-Feeney-2017-06-21.pdf
- Financial Sector Cybersecurity Framework Profile Consolidates Regulatory Requirements - Security Boulevard
- https://www.hsgac.senate.gov/imo/media/doc/Testimony-Feeney-2017-06-21.pdf
- Financial Sector Cybersecurity Framework Profile Consolidates Regulatory Requirements - Security Boulevard
- Working from Home Cybersecurity Guidance - Security Boulevard
- Run Audio and Video calls Securely
Educate Employees on Phishing attacks
Automate Virtual Personal Network configurations (VPNs)
Control the use of Personal Devices for Corporate Work
Stop Personal Email and Unauthorised Cloud Storage Use
Keep Collaboration Tools Up-to-date
- OWASP Security Knowledge Framework - Security Boulevard
- An SSDLC relies on four parts:
Security requirements
Test automation and code quality checks
Security test automation
Manual verification
- Three Areas of Cybersecurity Strength for Hospitals During a Pandemic - Security Boulevard
- Training and Awareness in a Pandemic
Keep Your Anti-Virus and Anti-Malware up to Date
Multi-Factor Authentication for Both Employees and Patients
Monitor, monitor, monitor
- The CMMC Accreditation Body signs MOU with the U.S. Department of Defense - Security Boulevard
- Nexus Vulnerability Scanner: Getting Started with Vulnerability Analysis
- 8 NIST Security Controls to Focus on During, and After, a Crisis
- IR-4: Incident Handling
IR-8: Incident Response Plan
PL-8: Information Security Architecture
PM-16: Threat Awareness Program
CA-2: Security Assessments
CA-7: Continuous Monitoring
SI-4: Information System Monitoring
SI-5: Security Alerts, Advisories, and Directives
- Why Traditional Security Is Failing Us, Part 2 - Security Boulevard
- Managed IT Security for Healthcare - JumpCloud
- 11 Remote Learning Resources & Cybersecurity Best Practices for EdTech
- Kubernetes Security – A Useful Bash One-Liner – Professionally Evil Insights
- for res in $(kubectl api-resources -o name);do kubectl get $res -o yaml | tee -a k8s.dump;done
- Q&A: NIST’s new ‘Enterprise Risk Management’ guidelines push cyber risks to board level - Security Boulevard
- https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8286-draft.pdf
- 8 Most Common Attack Vectors - Security Boulevard
- Here are the top 8 most common attack vectors:
1. Compromised and Weak Credentials – The perennial top attack vector, compromised credentials account for more than 80% of breaches globally. With password reuse rampant (passwords are reused an average of 2.7 times), one breached credential offers attackers access to multiple services. Multi-factor authentication, password managers, and user education on proper identity best practices can help thwart this common attack vector.
2. Misconfiguration – Misconfiguration has resulted in many high profile breach events, with disastrous consequences. There have been dozens of breaches related to misconfiguration of AWS S3 buckets alone. These oversights are often the result of well-intentioned developers either rushing to get products to market, or simply unfamiliar with secure configuration of the services that they are using. Avoiding misconfigurations is easier said than done, but procedures and systems that audit and automate secure configuration are a great starting point, in addition to ongoing training for developers.
3. Malware – Malware comes in many different forms – viruses, ransomware, etc. Basically, any type of harmful software. Ensuring that all systems have the latest anti-malware software installed is important, as is limiting user privileges, and educating users on what to look out for when clicking links or installing software.
4. Missing or Poor Encryption – Missing or weak encryption can result in sensitive data, such as customer information or credentials, being stolen. Weak encryption can be just as bad as no encryption at all, as many legacy encryption algorithms can be cracked trivially using modern compute power. Whenever possible, use strong encryption for data-at-rest, data-in-transit, and data being processed.
5. Phishing – the human element always has, and likely always will be, a key contributing factor in information security failure. Attackers know they can lure users into clicking malicious links or divulging sensitive data, so they continue to (successfully) rely on this attack vector.
6. Denial of Service Attacks – DoS, and their distributed big brother, DDoS attacks, are meant to flood the resources of a system or site, rendering it unusable. There are a number of subscription services that can help identify and mitigate the effects of even very large scale DDoS attacks.
7. Malicious Insiders – the “double agent” of the modern corporate world, a malicious insider is an employee who abuses their privileges as an authorized user to conduct and attack against company information systems. Since these users are legitimate, it can be more difficult to detect these types of attacks than most others.
8. Trust Relationships and Third Party Risk – There are many interconnected systems, both within and across organizations. This complex set of relationships has the potential to be exploited by attackers, as most famously happened in the Target breach where the initial infiltration was via a third party HVAC vendor. Minimizing privileges, leveraging zero-trust and privileged access management, can help thwart such attacks.
- Cooking up Better Security Incident Communications - Security Boulevard
- Dates. There are no dates at all in their FAQ. When did Home Chef become aware of the incident and, even better, when was the data compromised? The FAQ page doesn’t even have a date the FAQ itself was updated. As a newcomer to your page, I can’t tell if this happened last week or last year. If I need to turn to Google for answers, then you are missing something important.
Require password resets. Home Chef’s guidance to the question: “Should I Reset My Password?” is: Although passwords were encrypted, we recommend you change your Home Chef password in an abundance of caution following the four-step process. The essence of this statement seems good, and I am sure from a PR perspective it is considered the safe answer. But I see a couple of problems with it:
Based on the sample of the breach data, the passwords appear to be hashed using “bcrypt”. Technically, hashed is not the same as encrypted. In layman terms, you can get away with using the term Encrypted here, but knowing that the information security community will probably read this information, a little more precision is preferred. In this case, I would have felt more at ease knowing that Home Chef uses “bcrypt”, as it is a password hashing algorithm that I would recommend.
The advice implies that changing your password is recommended, but especially for people who are overcautious. Nowhere does Home Chef’s FAQ indicate how their password encryption is special; in a world where we normally tell customers that it is necessary to change their compromised password (even one that is encrypted), why would that now be considered just an abundantly cautious recommendation?
You have to dig for this FAQ. It is not on the homepage of the homechef.com website. Instead you have to visit the home page, look for the FAQs & Support section under Resources (in the footer), and then look for the articles on the FAQ. I don’t believe it is being intentionally buried, but Home Chef is not really putting it out there either. If this was a small breach, I would be less concerned about it. But we are talking about 8 million records that include emails, password hashes, last 4 digits (of CC number) and more. The FAQ about the breach should be more obviously accessible on the web page.
- Five key lessons from the 2020 U.S. Cyberspace Solarium Commission report - Security Boulevard
- 1. Enhancing the deterrence to malicious cyberspace actors
2. Enhancing the resilience of the US economy to cyber-attacks
3. Reforming the government in such a way as to increase its deterrence capacity
4. Strengthening the cybersecurity capacity of private sector entities
5. Focusing on election security
- How to Choose the Right Cloud Access Security Broker - Security Boulevard
- Enemy Unseen – Part II: Why Dark Web Monitoring Is Essential
- Shodanfy.py - Get Ports, Vulnerabilities, Informations, Banners, ..Etc For Any IP With Shodan (No Apikey! No Rate-Limit!)
- Newsletter: June 13, 2020 – Notes from MWhite
- Creating a Custom Windows 10 Image and Capture it using HyperV | Nerd Drivel
- Review: Magic Mouse 2 and Magic Trackpad 2 on Fedora - Scott's Weblog - The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking
- PowerShell to Get OS Type and Count - Notes of a scripter
- foreach ($VM in $VMs){
$OSName = $VM.ExtensionData.Guest.GuestFullName
If(!($OS_hashtable.ContainsKey($OSName))){
$OS_hashtable.add($OSName,0)
}
$Value = $OS_hashtable.$OSName
$NewValue = $Value + 1
$OS_hashtable[$osName] = $NewValue
}
$OS_hashtable | FT -AutoSize
- Emerging from Digital Shock: IT Leaders Preparing for New Work Order | APMdigest - Application Performance Management
- 92% of SMBs think they can recover from a disaster, but many don't have plans in place - TechRepublic
- 92% of SMBs think they can recover from a disaster, but many don't have plans in place
16% don't even know their recovery time objective.
they could recover data lost in a disaster in under 10 minutes and 30% in under an hour
with 26% of telecom execs reporting an RTO of 10 minutes, finance/accounting and retail/e-commerce saying under one hour, and healthcare positing that it would take one full day to fully recover from a data loss.
- 48% of employees are less likely to follow safe data practices when working from home - TechRepublic
- 48% of employees are less likely to follow safe data practices when working from home
- Software security testing is cool (because it’s fun to break stuff) | Synopsys
- Insight 6/2/2020: Walking Their Path - Security Boulevard
- So that’s my plan. Embrace and celebrate each child’s differences and the different paths they will take. Understand that their experiences are not mine and they have to make and then own their choices, and deal with the consequences. Teach them they need to introspect and learn from everything they do. And to make sure they know that when they fall on their ass, we’ll be there to pick them up and dust them off.
- Automation: Helping Speed Vulnerability Response - Security Boulevard
- VMWare vCenter takeover via vCloud Director (CVE-2020–3956 filed by Citadelo on June 1st, 2020) - Security Boulevard
- Understanding Azure AD’s Premium P2 Tier - Security Boulevard
- Understanding Cyber Resilience: Breach Curves - Security Boulevard
- Healthcare Remained the Most Breached Industry in Q1, Research Shows - Security Boulevard
- Why NHS, UK Healthcare Orgs Need to Boost Their Security
- ISO 27001: Understanding the needs and expectations of interested parties - Security Boulevard
- What Does Successful Vulnerability Discovery Look Like? - ZeroNorth
- Organizations looking to build and scale effective application security programs must create a foundation that includes five key practices.
Prioritization. Not every issue flagged by vulnerability scanning tools needs to be addressed with the same rigor. There are a variety of reasons for this, but the key thing is to be able to determine which issues will impact your organization most.
Normalization. Disparate tools generate different information about vulnerabilities. Some use industry-standard frameworks, which helps, but this isn’t always the case. To make sense of your vulnerability data from an overall risk perspective, you need to use the same scorecard for all your tools.
Consolidation of Views. Most security testing tools are used within a particular stage of the SDLC. This is important for discovering vulnerabilities in the development pipeline, but it creates stage-specific silos. To get a holistic view of risk across testing results, you must be able to consolidate a single view of the software value stream.
Consolidation of Effort. Once you have a consolidated view, you need to translate the information into an action plan. A particular vulnerability will often manifest in multiple instances. You need to report “units of work,” consolidating issues within a certain scope, like the same repository or server type.
Accountability and ownership. The teams who created the pipelines and codebases with identified vulnerabilities should do the remediation work. This builds a security-minded and risk-aware culture throughout the enterprise. To do this, you need to identify who is responsible for known vulnerabilities.
- How to overcome the top 6 application security challenges | Synopsys
- 1. Hiring and retaining security experts is difficult and costly.
2. Your legacy or third-party applications might carry security risks.
3. Lumpy demand requires elastic capacity.
4. You need to respond to changes on a dime.
5. No single testing tool can catch every vulnerability.
6. Tools alone are not enough to keep you safe.
- 6 Issues that Undermine Your Vulnerability Management Team’s Ability to Keep Systems Patched - Security Boulevard
- 1. Difficulty in identifying vulnerable systems
2. Issues with vulnerability scanners
3. Overwhelming vulnerability scan reports
4. Inaccurate and inefficient prioritization of vulnerabilities
5. Knowing whether to act or not to act
6. Reporting on your patching posture
- https://www.preveil.com/wp-content/uploads/2020/03/CMMC-whitepaper-with-mapping.pdf
- CMMC Compliance in Office 365 with PreVeil
- How SOAR Can Take Your Security Budget Further in Turbulent Times - Siemplify
- Seven reasons why businesses get hacked - SecureLink
- Humans are the weakest link
Cybersecurity technology is very strong, but expertise is weak
Cybercriminals have the edge
Cybercrime pays
Humans do fall asleep in the cyber battlefield
Technology as a whole moves very fast and the pace is relentless
In cyberspace, you only know what you know
- Certificate Automation for F5 BIG-IP | Keyfactor - Security Boulevard
- The last 1717 days - Security Boulevard
- Security Posture Questions (and Answers) - Security Boulevard
- NIST: Adopt a Secure Software Development Framework (SSDF) to Mitigate Risk of Software Vulnerabilities - Security Boulevard
- CI/CD and the Promise of Agile Transformation - Security Boulevard
- SMBs Overwhelmingly Believe They Are Ready to Deal with Cybersecurity Incidents
- 24% think they can recover their lost data in less than 10 minutes, and for 29% of them, that time extends to one hour.
- ISO 27001: What’s the difference between a risk owner and an asset owner? - Vigilant Software - Compliance Software Blog
- Why Hackers Live With Their Moms - Security Boulevard
- What Does it Take to Be an Effective Developer Manager? - Security Boulevard
- What is Cyber Risk Management
- What is NIST SP 800 30 - Security Boulevard
- Magellan Healthcare Attack a Harsh Reminder for the Need to Be HIPAA Compliant - Security Boulevard
- Mathematics and programming: exploring the links - Raspberry Pi
- “In my vision, the child programs the computer and, in doing so, both acquires a sense of mastery over a piece of the most modern and powerful technology and establishes an intimate contact with some of the deepest ideas from science, from mathematics, and from the art of intellectual model building.” – Seymour Papert, Mindstorms: Children, Computers, And Powerful Ideas, 1980
- How to block web browser-based localhost port-scans | Ctrl blog
- Chris's Wiki :: blog/linux/SwapOnZramMixedFeelings
- GitHub Pages & Jekyll: Who Needs Expensive Web Hosting?
- Chris's Wiki :: blog/sysadmin/DualDisplayVsMultiDesktop
- Dell U2412M
- Adobe fixes critical flaws in Flash Player and FramemakerSecurity Affairs
- Student loan company that stole indo from consumers leaks sensitive dataSecurity Affairs
- Group Policy Elevation of Privilege Vulnerability (CVE-2020-1317, Important) - The things that are better left unspoken
- Chris's Wiki :: blog/tech/DualDisplaysNaturalSplit
- Firefox GPU RAM leak | Nelson's log
- Comparing the Struts 1 and Struts 2 Web Application Frameworks - Developer.com
- Migrating Struts Applications to Struts 2
- java_tips: Migration from struts1 to struts2
- Tutorials4u - Struts1 to Struts2 Migration
- IBM releases toolkits implementing FHE to process data while encryptedSecurity Affairs
- fully homomorphic encryption (FHE)
- Lamphone
- Native SSH Port Forwarding (Tunneling) on Windows 10 | Windows OS Hub
- Blue teams helping red teams: A tale of a process crash, PowerShell, and the MITRE ATT&CK evaluation - Microsoft Security
- SMBleed could allow a remote attacker to leak kernel memorySecurity Affairs
- Misconfigured Kubeflow workloads are a security risk - Microsoft Security
- The science behind Microsoft Threat Protection: Attack modeling for finding and stopping evasive ransomware - Microsoft Security
- How to Backup Active Directory Domain Controller? | Windows OS Hub
- Dark Basin, a hack-for-hire group that remained under the radar for 7 yearsSecurity Affairs
- The ROI of Industrial Cybersecurity: What You Need to Know - Blog | Tenable®
- 11 security tips to help stay safe in the COVID-19 era - Microsoft Security
- CISO MindMap 2020: What do InfoSec professionals really do?Rafeeq Rehman – Personal Blog
- A Look at What Makes a Vulnerability Survive in the Remediation Race - Blog | Tenable®
- GE FILTERGATE
- The Day the Sun Brought Darkness | NASA
- How to Protest Without Sacrificing Your Digital Privacy - VICE
- The Sun Has Been Hibernating for Years. It Might Be Waking Up - VICE
- How to Program an ESP8266 or ESP32 Microcontroller Over Wi-Fi with MicroPython « Null Byte :: WonderHowTo
- How to Write Your Own Bash Script to Automate Recon « Null Byte :: WonderHowTo
- Build an Off-Grid Wi-Fi Voice Communication System with Android & Raspberry Pi « Null Byte :: WonderHowTo
- Facebook paid for a 0-day to help FBI unmask child predator – Naked Security
- Windows 10 Built-in Packet Sniffer - PktMon
- CIS CSC #12 – Boundary Defense – The Personal Blog of Sean Goodwin
- How Organizations Can Reduce the Economic Incentives of Vulnerabilities
- SMBleed (CVE-2020-1206) and SMBLost (CVE-2020-1301) Vulnerabilities Affect Microsoft SMBv3 and SMBv1 - Blog | Tenable®
- What Is the Lifespan of a Vulnerability?
- As Hardware Becomes Ever More Impressive, Software Suffers Rough Edges - TidBITS
- Digital signatures with GnuPG | Enable Sysadmin
- SOC 2 & ISO 27001… The ULTIMATE Security Attestation | Pivot Point Security
- Having such a strong security posture could shorten your sales cycle
The marketing value of dual attestations is “huge”
Having all that documentation and detail minimizes the time and effort associated with onsite audits and simplifies the process of responding to questionnaires and other due diligence by stakeholders
As noted above, by having such a robust security posture, you could well avoid the cost, legal and reputational impacts of a data breach
- ECDSA: Handle with Care | Trail of Bits Blog
- Strategic Defense | Thom Langford
- "The people who get on in this world are those that get up and look for the circumstances they want and if they can't find them, they make them." - George Bernard Shaw
- PXE and Kickstart: repos | Adam Young’s Web Log
- PXE Setup: Debugging Kickstart | Adam Young’s Web Log
- PXE Setup Part the First | Adam Young’s Web Log
- Credential Dumping: Domain Cache Credential
- Make It So: Accelerating the Enterprise with Intent-Based Network Security
- How to operationalize privacy by design
- Sysadmin security: Auditing your perimeter and access points | Enable Sysadmin
- Kaleidoscopic space art made with Raspberry Pi onboard the ISS - Raspberry Pi
- OpenZFS removed offensive terminology from its code | Ars Technica
- How Misconfigured Containers May Create Cybersecurity Issues For Companies
- Driving healthcare IT transformation with global systems integrators
- Does your GI RU/RUR patch level have to match your database's?
- “Before 18c, the Oracle Grid Infrastructure (GI) /Clusterware (CRS) version must be of equal or the highest version down to the 4th digit in the possible combinations at all times.“
“Starting from 18c, the Oracle Grid Infrastructure (GI) /Clusterware (CRS) version must be of equal or the highest version down to the first digit in the possible combinations at all times.“
- How to Monitor Your VMs with RVTools
- network segmentation and security part two how it can improve
- SysAdmin Software For Your Budget | Diary of a Network Geek
- Why your IT team needs cyber security training - IT Governance UK Blog
- Facilitation, collaboration, and webcams: A story about Principles of Authentic Participation - Justin W. Flory's blog
- This blog post is a story, or perhaps open source lore. So, here is the abridged summary:
The Sticky Idea: How did a discussion topic at a one-day open source sustainability conference evolve into a three-month extended collaboration?
Facilitation, Roosevelt-style: The people are here. How do you facilitate a conversation with no scope and few bounds?
Is there a next chapter to this story?: The Working Group is winding down. What happens to the Principles next?
- Digital transformation in financial services without breaking the bank
- COVID-19 and its effects on cyber espionage and national security - IT Governance UK Blog
- Knoxville Pulls IT Systems Offline Following ...
- Linux kernel earns CII best practices gold badge - The Linux Foundation
- WinRM Penetration Testing
- Looking at Big Threats Using Code Similarity | Securelist
- EvilPDF - Embedding Executable Files In PDF Documents
- RMIScout - Wordlist And Bruteforce Strategies To Enumerate Java RMI Functions And Exploit RMI Parameter Unmarshalling Vulnerabilities
- Atlas - Quick SQLMap Tamper Suggester
- Recox - Master Script For Web Reconnaissance
- GitMonitor - A Github Scanning System To Look For Leaked Sensitive Information Based On Rules
- Security and Salt | The Networking Nerd
- Are Academic Healthcare Systems Top COVID-19 Attack Targets?
- Inappropriate Access to Records Continued for 8 Years
- Key Mime Pi: Turn Your Raspberry Pi into a Remote Keyboard · mtlynch.io
- Raspberry Pi Zero W
- Kali Linux Top Forensic Tools (2020) – Linux Hint
- Ransomware Attacks Hit 2 More Healthcare Organizations
- Data Breach Lawsuit Filed Against Pediatric Care Provider
- Federal Agencies Reported Fewer Security Incidents in 2019
- But FISMA's 71 security audits of "high-value assets" - the critical systems that government agencies use - showed that many of these systems remain susceptible to common attacks, such as spear phishing. The audits also showed that these assets are prone to poor patch management, password reuse, insecure default configuration and weak password policies, according to the report.
- Honda Ransomware Confirms Findings of Industrial Honeypot Research | SecurityWeek.Com
- Another Intel Speculative Execution Vulnerability - Schneier on Security
- The new SGX attacks are known as SGAxe and CrossTalk. Both break into the fortified CPU region using separate side-channel attacks, a class of hack that infers sensitive data by measuring timing differences, power consumption, electromagnetic radiation, sound, or other information from the systems that store it. The assumptions for both attacks are roughly the same. An attacker has already broken the security of the target machine through a software exploit or a malicious virtual machine that compromises the integrity of the system. While that's a tall bar, it's precisely the scenario that SGX is supposed to defend against.
- Medical Device Repair Again Threatened With Copyright Claims | Electronic Frontier Foundation
- Medical care and the maintenance of medical devices are too important to let overreaching copyright claims get in the way. We at EFF are proud to be able to support iFixit and we hope that the device manufacturers will let the repair community continue to do its vital work instead of wasting everyone’s time with unfounded legal threats.
- Complete Guide to Install Zotero on Ubuntu 20.04
- Building a Corporate Culture That Values Cybersecurity
- "Think about the type of culture you want. Think about the kind of behaviors that would actually reflect that culture. Where do you want to see improvements? What would show that what you're doing is working? They're the kind of behaviors you want to wrap metrics around." - Jessica Barker
- Former IT Administrator Sentenced in Insider Threat Case
- After resigning from his job in July 2018, Charles E. Taylor of Jacksonville, Arkansas, caused more than $800,000 in damage to his former firm, which had to replace several routers and rebuild and restore its internal computer network, according to the U.S. Attorney's Office for the Northern District of Georgia, which oversaw the case.
In addition to his 18-month prison sentence, Taylor must undergo three years of supervised release and pay restitution of $834,510,
- 1st city in US named for Columbus puts his statue in storage - Japan Today
- SANS Cyber Security Certifications & Research
- Where the CISO should report depends on structure, industry, and maturity
- List of data breaches and cyber attacks in May 2020 – 8.8 billion records breached - IT Governance UK Blog
- Unilever CISO on Security Priorities for Remote Workforce
- In the interview, Ford also discusses:
Why email security is still one of the weakest links in the security chain;
How organizations should review their approach to identity and access management;
The growing importance of CASB technology;
How organizations can achieve a passwordless environment.
- Cycldek: Bridging the (air) gap | Securelist
- Securosis - Blog - Article
- Back in 2009, we introduced a concept called The Data Breach Triangle, which gave us a simple construct to enumerate a few different ways to stop a data breach. You need to break one of the legs of the triangle.
Data: The equivalent of fuel – information to steal or misuse.
Exploit: The combination of a vulnerability or an exploit path to allow an attacker unapproved access to the data.
Egress: A path for the data to leave the organization. It could be digital, such as a network egress, or physical, such as portable storage or a stolen hard drive.
- Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity — Krebs on Security
- Oracle on Azure- Sizing vs. Optimizing
- Automating business for Covid-19 continuity | ITProPortal
- Add your personal aliases to bashrc the smart way | Arcolinux.com
- Domain Persistence: DC Shadow Attack
- How To Install Docker on Ubuntu 20.04 LTS - idroot
- sudo apt update
sudo apt upgrade
sudo apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io
apt list -a docker-ce
docker --version
systemctl status docker
docker container run hello-world
- Which cloud strategy is right for you in 2020? | Enterprise Channels MEA
- A hybrid cloud strategy combines the best of both worlds of public cloud and the non-cloud-ready aspects of existing IT infrastructure. And often, even if hybrid cloud isn’t the organisation’s plan in the first place, it will end up being the preferred approach once established.
- How to Install KVM on Ubuntu 20.04
- Evil-Winrm : Winrm Pentesting Framework
- Senators demand answers over Juniper Network's 2015 backdoor incident | Engadget
- PineTab Linux Tablet Is Now Available for Pre-Order, Powered by Ubuntu Touch - 9to5Linux
- What is the Raspberry Pi Smart Mirror? – Linux Hint
- Vicarious trauma and OSINT – a practical guide – We are OSINTCurio.us
- Wide Mouth Canning Jar Accessories | Cool Tools
- Norpro Stainless Steel Wide-Mouth Funnel
- Cyber ransom demands up 200 percent in 2019
- Canning 101: A Field Guide to Jars – Food in Jars
- 3 Behind-the-Scenes Actions That Make Your Apps More Secure - Fossbytes
- 1. Security Training
2. Careful Programming
3. Security Testing
- Thai Coconut Salmon or Tilapia Recipe; Easy, Delicious, Gluten Free, Paleo | Penniless Parenting
- How to Optimize Your Bedroom for Better Sleep | Penniless Parenting
- ipcalc in powershell – Laurent Schneider
- Best Practices for Organizing Data on Your Computer | Alexander's Blog
- Windows Forensic Analysis: some thoughts on RDP related Event IDs | Andrea Fortuna
- 10 Tips for Maintaining Information Security During ...
- Update Planning for Remote Employees
Ensure Communication Is Clear
Put an IP Security Clause in Employment Contracts
Conduct Regular IP Compliance Training
Assemble Your Team of Stakeholders
Assign an Independent Assurance Manager
Choose Your Decommissioning Path Wisely
Get Promises in Writing On the Way Out, Too
Keep Surrendered Equipment Intact
Look After a Security Team That Might Be Burning Out
Insider cyberthreats are always an issue during layoffs -- but with record numbers of home-office workers heading for the unemployment line, it has never been harder to maintain cybersecurity during offboarding.
- How and Why to use Variation in Software Testing - EvilTester.com
- Do Healthcare Providers Need Help? ~ Cyber Thoughts
- "Must Have" Free Resources for Malware Analysis | SANS
- "Must Have" Free Resources for OSINT | SANS
- Top 5 Steps to Immerse yourself into the Cyber Security field | SANS
- Security Certification Roadmap - Paul Jerimy
- How Frugal Are You? | The Do’s and Don’ts to Living Frugally – BeingFrugal.net
- Avoid spoiling your kids if you truly want to live a frugal lifestyle.
To conclude, living frugally doesn’t have to be boring and you don’t have to avoid buying nice things or going out once in a while. The essence of frugal living is focusing on what is important to you.
Instead of splurging on everything that takes your fancy, you live moderately in certain areas of your life and you spend money on things that really spark joy within your financial means. Living frugally means that you live within your means and you don’t overspend. Many people today live outside of their means and spend money they don’t have by using credit cards and other unnecessary credit facilities.
- RationalPlan 5.5 Adds Kanban Board for Agile Project Management
- Chris's Wiki :: blog/sysadmin/ChangeSubtleDangerExample
- GitHub - juliocesarfort/public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups
- Creating Solaris 11 VMs with Vagrant | rootpool
- BT auditor highlights new IT vulnerabilities - IT Governance UK Blog
- KPMG found that BT had misstated its financial statements as a result of “material weaknesses related to general IT controls and risk assessments”
- Major release: Lynis 3.x - Linux Audit
- A strong relationship between security and engineering teams accelerates the transition to DevSecOps - TechRepublic
- "Embracing an "everyone is part of the security team" approach shifts DevOps to DevSecOps, according to a report from Cobalt.io."
- Security faux pas: 56% of employees use personal computers to WFH - TechRepublic
- 56% of employees use personal computers to WFH
- URLCrazy - Generate And Test Domain Typos And Variations To Detect And Perform Typo Squatting, URL Hijacking, Phishing, And Corporate Espionage
- Open Source Product Analytics With PostHog - The Python Podcast
- Personal Data in URLs – PrivacyWise
- I'd like to speak to your CIPO, please | Data Protection: Avamar, NetWorker, Data Domain, RecoverPoint, PowerProtect, CSM
- PowerShell Tips 1 | Adventures in a Virtual World
- Sandboxie went GPL3! | Fun with virtualization
- New – Amazon EC2 C5a Instances Powered By 2nd Gen AMD EPYC™ Processors | AWS News Blog
- Home Lab Email Server: Getting around ISP Port Blocks | dlford.io
- How to Make your own Custom Lighter Stickers | dlford.io
- FreeNAS ZFS optimizations and considerations for SSD and NVMe - The Tech Journal
- Terence Luk: Disabling Teams File Sharing and Disabling OneDrive for Office 365
- The 10 Best Mailing List Managers for Linux System in 2020
- Explained: Why this photo crashes some Android phones | Nokiamob
- APC Smart-UPS 1500 Battery Replacement – CubicleNate's Techpad
- Coursera Together: Free online learning during COVID-19
- Live Cheaply and Invest In Yourself — My Money Blog
- AI takes traditional Chinese painting in a new direction | Engadget
- Xieyi
- [Howto] My own mail & groupware server, part 2: initial mail server setup – /home/liquidat
- A Beginners Guide to Snaps in Linux - Part 1
- A secure and private open source alternative to Alexa | Opensource.com
- How to Use Ansible Template Module – Linux Hint
- Eliminate spam using SSL with an open source certification authority | Opensource.com
- Next Generation coreboot Server Platform
- Is your team a "glue team?" | Opensource.com
- [DRAFT] Automated Server Installs - Server - Ubuntu Community Hub
- 10 Actionable SSH Hardening Tips to Secure Your Linux Server
- PermitEmptyPasswords no
Protocol 2
ClientAliveInterval 300
ClientAliveCountMax 2
X11Forwarding no
use Fail2Ban
sshd -T
- Homemade Japchae Recipe, Korean Glass Noodle Stir Fry, Gluten Free, Vegan, Paleo Option | Penniless Parenting
- Japchae
- 5 Steps to Install Proxmox VE on a ZFS RAID Array | dlford.io
- 5 Steps to Set Up a Fast, Secure NGINX Reverse Proxy Server | dlford.io
- A lesson in economic violence
- Business Resilience Tips for Entrepreneurs – Running Your Business
- What is a serverless database? - Blog dbi services
- The Thrifty DBAs Guide to Open Source Database Security Tools | Integrigy
- AutoUpgrade in trouble when you are short on RAM
- Domain Persistence AdminSDHolder
- Cyber Security for Protests
- Cybersecurity for Activists: How to Protect Yourself When Protesting for Change | Security Gladiators
- Git-Scanner - A Tool For Bug Hunting Or Pentesting For Targeting Websites That Have Open .git Repositories Available In Public
- How to Enable Offline Chat Communications Over Wi-Fi with an ESP32 « Null Byte :: WonderHowTo
- Maze Ransomware leaks files of ST Engineering groupSecurity Affairs
- Working with Dockerfiles - buildVirtual
- Astsu - A Network Scanner Tool
- Unpatched Microsoft Systems Vulnerable to CVE-2020-0796 | CISA
- Virtual Summit Dives Into Healthcare Cybersecurity Issues
- Easy Security Tools for Ubuntu 20.04 Users
- 1. Tor Browser
2. Enigmail
3. GSConnect
4. KeePassXC
5. DNSCrypt
6. Encrypt Archive
7. F-Droid (Phone Only)
8. Antivirus?
- 5 Signs It's Time to Hire Balbix for Vulnerability Management
- How Network Segmentation Can Improve Security: Part One - Delta Risk
- The Capital One Data Breach a Year Later: A Look at What Went Wrong and Practical Guidance to Avoid a Breach of Your Own - Security Boulevard
- What happened:
An EC2 instance running WAF software (ModSecurity) was compromised in Capital One’s account via SSRF.
The AWS metadata service was queried, and it returned information about a role that was attached to the instance as well as the access token for the role.
The role was titled *-WAF-* but had unnecessary permissions to read from S3 (and most likely kms:decrypt as well).
A bucket was found via the role that had access to a sensitive S3 bucket.
Data was decrypted and exfiltrated from the account.
On an editorial note, this feels like the next “S3 exposure” type of event; however, there were a couple of key differences. Back in 2017/2018, when publicly exposed S3 buckets started popping up everywhere, there were two main issues.
At scale, enterprises just couldn’t keep a handle on how all of their buckets were configured and they were struggling with a lack of visibility.
The “Authenticated Users” bucket ACL was much more permissive than people thought (it was all logged in AWS users that would have access to a bucket instead of just authenticated users to the local account), so people were essentially making buckets wide open because of poor naming on AWS’ part and a lack of understanding of what each ACL did.
- True IT Stories: Creative WFH Solutions - Security Boulevard
- 1. Providing Hardware
2. Being Available
3. Setting Up Your New Office
- William Bernstein and Safe Withdrawal Rates — My Money Blog
- “If past history was all there was to the game, the richest people would be librarians.” - Warren Buffett
"Even the most sophisticated retirement projections contain so much uncertainty that the entire process can be summarized as follows: Below the age of 65, a 2% spending rate is bulletproof, 3% is probably safe, and 4% is taking chances. Above 5%, you’re taking an increasingly serious risk of dying poor. (For each five years above 65, add perhaps half of a percentage point to those numbers.)" - The Ages of the Investor: A Critical Look at Life-cycle Investing.
- Learn at home #3: building resilience and problem solving skills - Raspberry Pi
- Tricks for Working with Data in Python – Linux Academy
- Super Easy Ricotta Cheese Cheesecake Recipe- Gluten Free, Egg Free, Allergy Friendly | Penniless Parenting
- Super Easy Ricotta Cheese Cheesecake Recipe- Gluten Free, Egg Free, Allergy Friendly
Ingredients:
3 cups ricotta cheese (26oz)
1 cup sugar
1 teaspoon vanilla extract
1/2 cup all purpose gluten free flour mix, or wheat flour
1/2 teaspoon baking powder
1-2 teaspoons cocoa powder (optional)
Instructions:
1. Mix all your ingredients together other than the cocoa powder.
2. If making a cocoa swirl, remove some of the batter and mix it with cocoa powder, then pour it into the batter, swirling around the chocolate part with a knife.
3. Bake at 350 for 22 minutes.
- Racism is not a political issue. Racism is a MORAL issue.
- The Linux Foundation introduces Cloud Engineer Bootcamp for cloud job seekers | ZDNet
- #Privacy: Michigan State University struck by ransomware attack - PrivSec Report
- How to use Kali Linux & Raspberry Pi for Wireless Penetration Testing
- An Introduction to the io_uring Asynchronous I/O Framework | Oracle Linux Blog
- Cooking up secure code: A foolproof recipe for open source - Help Net Security
- Software Composition Analysis (SCA)
- Linux security: Protect your systems with fail2ban | Enable Sysadmin
- A new Java-based ransomware targets Windows and Linux | TechCrunch
- How to configure vmkernel ports with Terraform - mwpreston.net
- Virtualization Security | Security Blog | VMware
- Per-zone DNS resolution for homelabs | Patrick Kremer
- Introduction to Computer Networking, Binary, and Hexadecimal | dlford.io
- 3 Simple Steps to Send Email Alerts From a Linux Server | dlford.io
- How the vExpert program improves my life -
- 3 Best Tips for ZFS Memory Tuning on Proxmox VE 6 and Higher | dlford.io
- How to Home Lab: Part 8 - Introduction to Docker: Installation and Usage. | dlford.io
- How to Home Lab: Part 7 - Log Management | dlford.io
- How to Home Lab: Part 6 - Hosting on the Web | dlford.io
- How to Home Lab: Part 5 - Secure SSH Remote Access | dlford.io
- How to Home Lab: Part 4 - NGINX Reverse Proxy | dlford.io
- How to Home Lab: Part 3 - Host an Intranet Site with pfSense and NAT | dlford.io
- How to Home Lab: Part 2 - Managing Proxmox VE | dlford.io
- How to Start a Home Lab: Part 1 - Proxmox VE | dlford.io
- 5 Steps to Safely Replace a Drive in a Linux ZFS Array | dlford.io
- 5 Powershell Commands to Fix Most Windows 10 Problems Easily | dlford.io
- sfc /scannow
dism.exe /online /cleanup-image /restorehealth
Get-AppXPackage | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
chkdsk /x /f /r
shutdown /r
- Video : Using Podman With Existing Dockerfiles (Oracle Database and ORDS) | The ORACLE-BASE Blog
- Top 10 Java stories of May: TIOBE Index, Spring Boot 2.3, Java 16 plans & more - JAXenter
- The 50 Practical Examples of The SED Command in Linux
- COVID Diaries Pt. 4 | Greyhawk's Meanderings
- Using Unison Across Linux, macOS, and Windows - Scott's Weblog - The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking
- ORACLE-BASE - Podman : A Basic Example of Using Podman With Dockerfiles (Oracle Database and ORDS) on Oracle Linux 8 (OL8)
- Wearables Like the Apple Watch Show Promise in Detecting COVID-19 Infections - TidBITS
- From Earth to orbit with Linux and SpaceX | ZDNet
- How to Audit Your Linux System’s Security with Lynis
- The 20 Best Open Source BI Tools and Software in 2020
- Low-cost air quality sensor works with Raspberry Pi
- New software security tool to detect bugs in OS - Tech Explorist
- Linux Fu: Raspberry Pi Desktop Headless | Hackaday
- Raspberry Pi 4 B: How Much RAM Do You Really Need? | Tom's Hardware
- The 14 most loved programming languages, according to Stack Overflow - Business Insider
- 1. Rust
2. TypeScript
3. Python
4. Kotlin
5. Go
6. Julia
7. Dart
8. C#
9. Swift
10. JavaScript
11. SQL
12. Bash/Shell/PowerShell
13. HTML/CSS
14. Scala
- 8 IT jobs in flux | The Enterprisers Project
- 1. "Architect astronauts"
2. ITOps
3. Line support engineers
4. QA engineers and testers
5. Developers
6. Scrum master
7. Database administrators
8. Anyone unwilling to change
- Announcement: RapidDisk version 6.1 released – Random [Tech] Stuff
- Open source software for open infrastructure | Ubuntu
- How to Create a Multiple Choice Menu in Bash Scripts - Putorius
- Using Snap Packages in Linux - A Beginners Guide to Snapd - Putorius
- Doc Searls Weblog · Bad $20
- Android: Why this photo is bricking some phones - BBC News
- The Ayabmuk World - Lawfare
- Cybersecurity Lessons From the Pandemic, or Pandemic Lessons From Cybersecurity - Lawfare
- ENISA: "Proactive detection – Measures and information sources" reportSecurity Affairs
- How to Use Kali Linux Forensics Mode – Linux Hint
- Security & Privacy by Design (S|P) Principles
- Why should you teach cybersecurity to your kids? - Security Boulevard
- Age gap for cyber security?
Think twice before you post
‘Stranger danger’
Cyberbullying
Oversharing and cyber theft
Securing online accounts
- OneDrive causes network performance issues | Born's Tech and Windows World
- Dial-up pool - Doge Microsystems
- Essential Keyboard Shortcuts for Visual Studio Code
- What the NIST Zero Trust Architecture Means for Business Continuity - Security Boulevard
- Introducing The Adventures of CISO Ed & Co. (Pandemic Edition) - Security Boulevard
- DoS Attacks in the Age of Remote Work - Why Modern ISPs can’t Look Over Internet of Things Security
- 'Anonymous' Hackers' Group Is Back; Here's Why The World Fears Them
- KeyStore Explorer
- [Howto] My own mail & groupware server, part 1: what, why, how? – /home/liquidat
- https://mailu.io/1.7/
https://mailcow.email/
- Windows Incident Response: Tips on Using RegRipper v3.0
- The state of threats to electric entities: 4 key findings from the 2020 Dragos report - Security Boulevard
- 1. Power outages as opportunities for adversaries
2. Supply chain compromise and CIP-013
3. OT communications gateways
4. The state of threats to electric entities in the United States
- COVID-19 Response: Following Best Telehealth Security Practices - Security Boulevard
- The Role of Luck in Long-Term Investing, and When To Stop Playing The Game — My Money Blog
- BEST PRACTICES: Why pursuing sound ‘data governance’ can be a cybersecurity multiplier - Security Boulevard
- Simple Unix file encryption | Nelson's log
- Full Lifecycle Cloud Security - DivvyCloud
- Full Lifecycle Cloud Security, Part II - DivvyCloud
- Leveling Up: How to Improve Your ACSC Recommended Maturity Model
- The Adventures of Microservice - The Birth of Microservice - Security Boulevard
- Thirty-four Years in IT - Leadership Chaos, Career Derailed (Part 10) - Security Boulevard
- Thirty-four years in IT - The Application That Almost Broke Me (Part 9) - Security Boulevard
- Thirty-four years in IT - Swimming with the Itanic (Part 8) - Security Boulevard
- Thirty-four Years in IT - Addressing Application Security (Part 7) - Security Boulevard
- Thirty-four years - Building out Disaster Recovery (Part 6) - Security Boulevard
- Thirty-four years - System Administration, Backups, and Data Centers (Part 5) - Security Boulevard
- Thirty-four years - Security and firewalling (Part 4) - Security Boulevard
- Thirty-four years - The System Office, Novell Directories, and Building a State Backbone (Part 3) - Security Boulevard
- Thirty-four Years - Networking and Software Development (Part 2) - Security Boulevard
- Thirty-four Years - Instructor, Machinist, CNC and CAD/CAM (Part 1) - Security Boulevard
- Sharing Security Career Tips During a Global Pandemic - Security Boulevard
- Amid a Major Skills Shortage, CISOs Are Turning to Security Analytics and Threat Intelligence - Security Boulevard
- Windows Ransomware Must Not be Unspeakable When People Die in Large Numbers Due to That (and Windows Has Intentional Back Doors) | Techrights
- The Ongoing CPU Security Mitigation Impact On The Core i9 10900K Comet Lake - Phoronix
- Mitchell's Blog
- CMMC-AB Credentialing and Accreditations National Conversation - YouTube
- VirtualBox 6.1.x Windows 10 2004 Upgrade Problem Resolution « Bob on Medical Device Software
- Cloud Security Tips for Distributed Companies - Security Boulevard
- Executives Bypass Security Protocols for Fear IT Admins Might Peek into Their Private Lives - Security Boulevard
- Immunity Passports Are a Threat to Our Privacy and Information Security | Electronic Frontier Foundation
- Watch EFF Cybersecurity Director Eva Galperin's TED Talk About Stalkerware | Electronic Frontier Foundation
- How to Unlock Hidden Browser Games in Edge, Firefox and Chrome
- How the Role of the Modern Security Analyst is Changing - MixMode
- Lennart Koopmann - How to Make a Small Raspberry Pi Display Look Better
- 10 Nerdcore, Nerd Folk, and Nerdy Artists for Your Playlist
- The OWASP ZAP HUD - Security Boulevard
- Detecting Bad OpenSSL Usage | Trail of Bits Blog
- How to Monitor Your Employees — While Respecting Their Privacy
- Introduction - Purify Docs
- Octopus Scanner Malware: open source supply chain attack via NetBeans projects on GitHubSecurity Affairs
- COVID Diaries Pt. 2 | Greyhawk's Meanderings
- COVID Diaries Pt. 1 | Greyhawk's Meanderings
- How to clear a local Applocker policy | >_
- Getting Started with OpenSSL and PowerShell [Tutorial]
- NetWalker gang threatens to release Michigan State University filesSecurity Affairs
- ANDRAX v5R NH-Killer - Penetration Testing on Android
- API Security and Hackers: What's the Need? ............Security Affairs
- Credential Dumping: LAPS
- ADCollector - A Lightweight Tool To Quickly Extract Valuable Information From The Active Directory Environment For Both Attacking And Defending
- Migrating Clients Off Active Directory - JumpCloud
- https://github.com/TheJumpCloud/jumpcloud-admu
- How Does AD Accommodate WFH? - JumpCloud
- Security Compliance Reports with Scan - Security Boulevard
- Why Manual Penetration Testing and Automation are Important Aspects of an AppSec Program - Security Boulevard
- The 4 Most Important Components of Security Posture (Part 1 - Asset Inventory) - Security Boulevard
- Top Ransomware Attack Vectors: RDP, Drive-By, Phishing
- RDP
Drive-by
Phishing
- CIP - Security Boulevard
- CIP is neither as simple as Modbus nor as complex and heavy as PROFINET.
- CDM: The Next Chapter – MeriTalk
- The ‘Next Chapter’ in Cyber Risk: Are Federal Agencies Prepared? - Blog | Tenable®
- Capital One Must Turn Over Mandiant's Forensics Report
- 5 advantages of the principle of least privilege - SecureLink
- 1. Creates an environment with fewer liabilities
2. Limits the possibility of catastrophic damages
3. Protects against common attacks, like SQL injections
4. Data classification promotes a healthy network
5. Superior data security and audit capabilities
Best practices of POLP
There are several best practices that organizations should consider following when implementing least privilege access in their security policies.
Make least privilege model the default for all accounts.
Elevate privileges on a situational and timed basis only. One-time use permissions are a good way to provide necessary access while maintaining control.
Monitor and track all network activity, including individual logins, system changes, and access requests. It’s critical to always understand who is on your network and what they are doing.
Ensure a flexible access management platform is in place so that privileged credentials can be securely elevated and easily downgraded.
Identify and separate high-level system functions from lower-level functions.
Audit privileges granted to users and applications. Conduct this review regularly to make sure all authorized permissions are still relevant.
- Career Choice Tip: Cybercrime is Mostly Boring — Krebs on Security
- ICT solutions provider NTT Com discloses security breachSecurity Affairs
- The YouLoop Passive Loop Antenna Reviewed on HF Reception
- The Design of Everyday Things, Revised and Expanded Edition
- The Design of Everyday Things, Revised and Expanded Edition
- Windows lifecycle fact sheet - Windows Help
- How to Search Reddit Effectively: Useful Tips and Tricks to Know
- Cheap Speakers Sound Great In A Proper Enclosure | Hackaday
- Raible Designs | Secure by Design Book Review
- Patching Oracle Database Appliance From 18.8 to 19.6 - Blog dbi services
- Part 4 - SQL Server TDE and Extensible Key Management Using Azure Key Vault - Microsoft Tech Community - 1427692
- Peeking Inside Executables And Libraries To Make Debugging Easier | Hackaday
- ZeroSSL Streamlines SSL Certificate Administration
- How to Manage Your Tasks Using the Japanese Kanban Technique
- How to Upgrade or Switch Linux Distros Without Losing Data
- How to Make a DIY HDTV Antenna and Ditch Cable for Good
- The 5 Best Sites to Learn the Basics of Music Theory
- https://underdefense.com/wp-content/uploads/2019/09/UnderDefense-vSICO-main-activities.pdf
- Cisco security breach hits corporate servers that ran unpatched software | Ars Technica
- Windows 10 Version 2004 will be released on May 27, 2020 | Born's Tech and Windows World
- Chris's Wiki :: blog/tech/SSHRSAKeysPersistence
- Introduction to ZTP
- C’mon, not all disagreements are opportunities to change your own mind – Julia Galef
- Free SSL with NGINX and LetsEncrypt on Debian 10 - Low End Box
- Reading Research: A Guide for Software Engineers - Marc's Blog
- Identity-related Features in Windows 10 version 2004 build 19041 - The things that are better left unspoken
- Identify Source of Active Directory Account Lockouts: Troubleshooting
- AZ-500 Study Guide: Microsoft Azure Security Technologies 2020 - Thomas Maurer
- Part 4 - SQL Server TDE and Extensible Key Management Using Azure Key Vault - Microsoft Tech Community - 1427692
- Part 3 (Portal) - SQL Server TDE and Extensible Key Management Using Azure Key Vault - Microsoft Tech Community - 1427688
- Part 2 (PowerShell) - SQL Server TDE and Extensible Key Management Using Azure Key Vault - Microsoft Tech Community - 1427682
- Part 2 (Portal) - SQL Server TDE and Extensible Key Management Using Azure Key Vault - Microsoft Tech Community - 1427685
- Part 1 - SQL Server TDE and Extensible Key Management Using Azure Key Vault - Microsoft Tech Community - 1427679
- Intro - SQL Server Transparent Data Encryption and Extensible Key Management Using Azure Key Vault - Microsoft Tech Community - 1427549
- The secret life of discontinued apps
- Massive amounts of corporate data now stored on employee USB devices
- The effect of GDPR two years on
- Azure Networking 101 « ipSpace.net blog
- Texas Department of Transportation (TxDOT) hit by a ransomware attackSecurity Affairs
- GDPR Enforcement Loosens Amid Pandemic
- https://www.iso27001security.com/ISO27k_FAQ.pdf
- The evolution of ransomware in 2019
- WiFi Goes Open | Hackaday
- Les McKeown: "Predictable Success" | Talks at Google - YouTube
- ChinaTalk: An Industrial Espionage Parable - Lawfare
- Mara Hvistendahl's "The Scientist and the Spy,"
- 6 mistakes when choosing a managed services provider | Synopsys
- 1. Ceding control
2. Limiting visibility
3. Underestimating growth
4. Choosing a managed services provider that loves their tool
5. Relying exclusively on automated testing
6. Choosing a provider that leaves all the fixes to you
- Zero Day Initiative — MindShaRE: How to “Just Emulate It With QEMU”
- Fireworks in Japan were Originally Meant to Ward Off Epidemics | Spoon & Tamago
- Weekly Tech Roundup #8 | Andrea Fortuna
- “I see technology as being an extension of the human body.” – David Cronenberg
- Dezinformatsiya — Adam Caudill
- The most effective disinformation is built on a couple things:
Existing cracks in society. It is far easier to exploit existing mistrust, doubts, and divisions than it is to take a unified group and split them apart. There needs to be an existing fissure that can be widened.
Elements of truth. While outright lies can have a useful impact, the most effective efforts are those that are built on at least some degree of truth.
- A Test of Time: COAST and an award-winning paper - CERIAS - Purdue University
- Learning AI at school — a peek into the black box - Raspberry Pi
- 1. Perception: Computers perceive the world using sensors
2. Representation & reasoning: Agents maintain models/representations of the world and use them for reasoning
3. Learning: Computers can learn from data
4. Natural interaction: Making agents interact comfortably with humans is a substantial challenge for AI developers
5. Societal impact: AI applications can impact society in both positive and negative ways
- NVD - Statistics
- ZFS focus on Ubuntu 20.04 LTS: ZSys general principle on state management · ~DidRocks
- The pros and cons of vulnerability scanning - IT Governance UK Blog
- FinalRecon - The Last Web Recon Tool You'll Need
- Bipartisan Bill Would Boost Cybersecurity Research
- Under the bill, the new technology directorate would receive $100 billion from 2021 to 2025 to invest in 10 focus areas that will be reviewed and updated every four years. These are:
Cybersecurity, data storage and data management technologies;
Artificial intelligence and machine learning;
Quantum computing and information systems;
High-performance computing, semiconductors and advanced computer hardware;
Robotics, automation, and advanced manufacturing;
Natural or anthropogenic disaster prevention;
Advanced communications technology;
Biotechnology, genomics and synthetic biology;
Advanced energy technology;
Materials science, engineering and exploration relevant to the other key technology areas
- Why (and When) You Need Computer Forensics | Pivot Point Security
- Websites Conducting Port Scans - Schneier on Security
- Bluetooth Vulnerability: BIAS - Schneier on Security
- How to Deploy Photon OS on VMware
- Top 8 Container Security Best Practices – Notes from MWhite
- 1. Docker runtime security
2. Docker image authenticity
3. Use Docker secrets to manage sensitive data
4. Limiting resources
5. Using a SECCOMP profile to limit system call
6. Access management
7. Complete lifecycle management
8. Container monitoring
- IOCREST IO-PEX40152 PCIe x16 to Quad M.2 NVMe PEX Switch PCIe Card Review - The Tech Journal
- Book Review: Call Sign Chaos: Learning to Lead – The Personal Blog of Sean Goodwin
- You don’t always control your circumstances, but you can always control your response.
The first is competence. Be brilliant in the basics. Don’t dabble in your job; you must master it.
Second, caring. To quote Teddy Roosevelt, “Nobody cares how much you know, until they know how much you care.”
- Verifying Windows binaries, without Windows | Trail of Bits Blog
- The Friday 15: All About PAM in 15 Minutes - Security Boulevard
- The 9 Types of Security Vulnerabilities
- The 9 Types of Security Vulnerabilities:
1. Unpatched Software
2. Misconfiguration
3. Weak Credentials
4. Phishing, Web & Ransomware
5. Trust Relationship
6. Compromised Credentials
7. Malicious Insider
8. Missing/Poor Encryption
9. Zero-days & Unknown Methods
- Hungry for Automated Security Controls? Try These Recipes
- Microsoft warns of PonyFinal ransomware attacks - Security Boulevard
- Modern Cyber Defense Books - Security Boulevard
- Modern Cyber Defense Books
- How to build hands-on cybersecurity skills on a budget
- The 3 Reasons CVSS Scores Change Over Time - Security Boulevard
- 1. CVSS Base Score changes
2. CVSS Temporal Score changes
3. CVSS Environmental Score changes
- Enemy Unseen – Part I: How the Dark Web is Shaping Cybercrime - Security Boulevard
- 5 Tips How to Secure Your Backups | ESX Virtualization
- Secure Your Backup Architecture itself
Encrypt your backups, configuration backups (including the credentials)
Cloud Repository for Backup Copy jobs with Immutability feature (a Must)
Cloud Connect, Passwords and more…
3-2-1 Backup Rule
AntiVirus Quarantine
- Book Review: Operator Handbook · System Overlord
- A Look at the 5 Most Common Types of Cyberattacks - Blog | Tenable®
- Malware: This catch-all term encompasses a number of different cybersecurity threats, including everything from viruses and worms to banking trojans, adware, spyware and ransomware. Once these programs gain access to a targeted system, they can steal, destroy, encrypt or corrupt valuable databases, files and applications.
Phishing/social engineering: We've all received emails that might look normal at first but have one or more suspicious details, urging us to click on a URL or download a file. Often used to steal login details and the confidential info those credentials protect, phishing scams are also used as delivery systems for malware or other exploits, and they can be deployed via email, phone or SMS.
Man-in-the-middle attacks (MitM): These entail intrusions upon two-party transactions — e.g., between an individual and their bank — intended to steal data shared between the two. MITM attacks may be especially dangerous for organizations that have employees who work remotely on public Wi-Fi (at a coffee shop or library), as they can only be carried out over unsecured networks or if one party's device is already compromised.
Denial of service (DoS): Hackers overwhelm servers or networks with frivolous traffic to render IT infrastructure useless in denial-of-service attacks, often to force the victim to pay a ransom. DoS campaigns can originate from one computer and internet connection or many; the latter are distributed DoS attacks, often coordinated by botnets.3 Botnet-driven DoS attacks can simultaneously cripple dozens of organizations across multiple continents, as seen in the infamous Mirai and WannaCry attacks.
Structured Query Language injection: SQL remains the most common method by which essential communications in a relational database occur.4 The injection of malicious code puts a database at the mercy of an unauthorized user, who can then steal any business-critical information within it.
- GitHub - keydet89/RegRipper3.0: RegRipper3.0
- Why Your Cyber Resilience Plan Doesn’t Include Windows 7 | Webroot
- Jaeles v0.9 - The Swiss Army Knife For Automated Web Application Testing
- Managing cybersecurity like a business risks: Part 1—Modeling opportunities and threats - Microsoft Security
- Vulnerability Disclosures Drop in Q1 for First Time ...
- "Everything that is an outlier for us is due to COVID-19," he says. "But based on that, I could give you reasons why the numbers should be higher or should be lower because you can argue either way based on theories of COVID-19's impact."
"Everything that is an outlier for us is due to COVID-19," he says. "But based on that, I could give you reasons why the numbers should be higher or should be lower because you can argue either way based on theories of COVID-19's impact."
"It is very difficult to say at this point, because we have just finished up with Q1, and it is so soon after COVID," he says. "We are close to on par for last year. It may have been a case with it just being a slow first quarter."
- Vulnerabilities Disclosed in Q1 2020 Decreased by 19.8% – RBS
- How Elite Protectors Operationalize Security ...
- Principle 1: Rehearse the Plan
Principle 2: Watch the Target
Principle 3: Don't Rely on the Perimeter
Principle 4: The Right Mindset
Principle 5: The Right People
The key tenets of U.S. Special Operations Forces (SOF) are expressed in the "SOF Truths" that humans are more important than hardware and quality is better than quantity.
- How to Pay a Ransom: A Step-By-Step Guide for ...
- Step 1: Assess the Situation
Step 2: Enlist Outside Help
Step 3: Test the Decryption Codes
Side Note: Don't Try to Negotiate
Step 4: Decrypting the Network
How to Avoid This Mess at All Costs
- The Problem with Artificial Intelligence in Security
- 3 Questions Your Board Has About Cybersecurity - Security Boulevard
- Where are we on the cyber-risk spectrum?
Where do we want to be?
How do we get there?
- Valak a sophisticated malware that completely changed in 6 monthsSecurity Affairs
- Thermal Imaging as Security Theater - Schneier on Security
- How to Rotate and Compress Log Files in Linux with Logrotate
- Overdose Death Solved with Digital Forensics | SENSEI ENTERPRISES, INC.
- How to Write an Installable Django App – Real Python
- Disrupted CVE Assignment Process – Michael Catanzaro
- Bao: a lightweight static partitioning hypervisor [LWN.net]
- Android Mirroring App 'Scrcpy' Just Added a Bunch of New Features - OMG! Ubuntu!
- Ten Open-Source EDR Tools to Enhance Your Cyber-Resilience Factor
- 1. OSSEC
2. TheHive Project
3. osQuery
4. Nessus Vulnerability scanner
5. SNORT
6. Ettercap Project
7. Infection Monkey
8. Cuckoo Sandbox
9. GRR Rapid Response
10. MIG by Mozilla
- Why you should be securing access to web applications - SecureLink
- 94% of enterprises already use a cloud service
83% of enterprise workloads will be in the cloud by 2020.
- Understanding Azure AD's Premium P1 Tier - JumpCloud
- Benefits of Azure AD Premium P1
Azure AD Premium P1 offers the following features:
All of the features listed for Azure AD Office 365 apps
SSO for an unlimited number of pre-integrated SaaS applications
Self-service application assignment to enable users to self-discover and request access to applications; this enables cloud app discovery
On-premises write-back for all password changes
Group-based access management and provisioning (comes with additional provisioning customization)
Advanced usage reporting
Application proxy for remote access to on-prem applications
Microsoft® Identity Management (MIM) Client Access Licenses (CAL) + MIM server for simplified lifecycle user management
Conditional access based on device state or location and group
Automated password rollover for group accounts
For Windows® 10 Pro: desktop SSO, Microsoft Passport for Azure AD, and Administrator Bitlocker recovery
MDM auto-enrollment, self-service BitLocker recovery, additional local admin tooling to Windows 10 Pro devices via Azure AD Join
The premium features offered by Azure AD Premium P1 are attractive. However, there are drawbacks to consider with AAD Premium P1 as a holistic identity management solution.
Drawbacks of Azure AD Premium P1
As mentioned earlier, Azure AD is designed to work in conjunction with a directory service and lacks certain features most organizations find necessary. For example, no matter the subscription tier, AAD lacks the ability to manage user access to networks via RADIUS.
Also, AAD’s system management capabilities are exclusive to Windows 10 Pro, so organizations invested in systems beyond Windows (such as macOS® and Linux®) or beyond a single version of Windows may struggle to make AAD work on its own. Organizations that enact AAD likely need to buy additional solutions to manage Mac, Linux, and additional Windows systems.
Because of this, many IT administrators choose to implement their AAD instances in conjunction with a directory service. They often use on-prem Active Directory, which syncs with AAD via Azure AD Connect, allowing users to leverage their AD credentials for SSO to web applications and Azure infrastructure. To be fair, Microsoft’s reference architecture specifically includes AD on-prem as part of the overall approach.
Unfortunately, this ingrains many admins in hybrid infrastructure, which is less than ideal for cloud-forward organizations looking to leave behind the time-intensive and costly nature of legacy hardware. Additionally, AD’s RADIUS authentication is done via an on-prem NPS server, which represents additional on-prem infrastructure, so many IT admins looking to move past legacy hardware find that AD + AAD isn’t the ideal choice.
Admins looking to use Azure AD Premium P1’s expanse of services typically choose it for its cloud-based infrastructure, so finding a cloud-based directory service to complement AAD may be a better fit.
- What the World's Elite Protectors Teach Us about ...
- Principle 1: Know What You're Protecting
Principle 2: Plan Obsessively
Principle 3: Harden the Target
Principle 4: Study the Threat but Don't Obsess
- 6 Steps Consumers Should Take Following a Hack
- Don't Panic
Be Prepared to Defend Yourself
Notify the Right Authorities
Be Proactive
Use Some Good Digital Tools
Practice Cyber Hygiene
- How To Manage the Pen Testing Skills Shortage - Security Boulevard
- Automating nmap scans
- nmap -sT -A <scan_target>
nmap -sT -A -iL <address_file>
nmap -sT -A -iL <address_file> -oA nmap_current
- Cloud Security Architect Proves Hardest Infosec ...
- CMMC "ownership" Heat Map - IT vs Cyber vs Process Owners
- When Bandwidth Doesn’t Last | Imperva
- Creating and Modifying PDF Files in Python – Real Python
- Downtime Costs up to $50,000 per Hour for SMBs Struggling with Cybersecurity, New Research Shows - Security Boulevard
- A tenth of SMBs said their downtime cost more than $50,000 per hour, and 13% said it cost between $40,000 and $50,000 per hour. A quarter put the per-hour cost of downtime for their business at between $20,000 and $40,000.
- What You Need to Know About Reverse Proxy - Security Boulevard
- The Mediocre Programmer – What is The Mediocre Programmer?
- Patterns of Compromise: The EasyJet Data Breach - CounterPunch.org
- Photoframe Hack
- Sysadmin careers: The 5 steps of problem solving | Enable Sysadmin
- How to Install and Configure Apache Tomcat 9 on Ubuntu 20.04 LTS
- Financial Independence - simulating ODEs with python
- $13 RPI_AC108 Audio Board Ships with a 4-Mic Array for Raspberry Pi
- Sysadmin skills: What junior sysadmins need to know | Enable Sysadmin
- Working Remotely with FOSS tools – life one degree north, one-o-three degrees east
- The Best Linux Drawing Tablet in 2020 (Reviews)
- 6 things Oracle could do for a better ODA - Blog dbi services
- 1) Make robust and reliable releases
2) Make a real GUI
3) Integrate Data Guard management
4) Get rid of GI for ODA lites
5) Make IPs modifiables
6) Be proud of this product!
- Automate AWS deployments with Ansible + Terraform - Blog dbi services
- 3D map of a heart's 'brain' | Engadget
- Jaffar's (Mr RAC) Oracle blog: Oracle Cloud & Third party tools
- According to Commvault, over 80% of companies are using the multi-cloud today. Commvault Cloud Backup solution provides support backup and recovery for over 40% clouds. This can ease backup and recovery operations between clouds.
- Announcing Our State of Software Security: Open Source Edition Report - Security Boulevard
- 40% of IT professionals believe that public clouds are more secure than on-premise environments - Security Boulevard
- Nearly 9 out of 10 participants in the survey use software-as-a-service (SaaS) as their main delivery mechanism for business-critical applications, and “organizations cite, on average, a 9% increase over the next 24 months.”
Moreover, research shows that over a third of business-critical operations will be migrated to the cloud in the next 24 months.
55% of businesses said that 41% of server workloads will be in the cloud within 24 months, but more than a half of their servers will remain on-premise or in “customer-managed colocation facilities.”
- New Healthcare Legislation: Striking a Balance Between Privacy and Convenience
- Preparing for SEC Cyber Compliance with JumpCloud
- Growing Needs Of Cybersecurity Professionals - An Statistical Analysis
- When Remote Work Isn't an Option: Industrial Security in the COVID-19 Era - Blog | Tenable®
- Learn How to Embrace Risk-Based Vulnerability Management - Blog | Tenable®
- iFixit Creates Free Medical Repair Database - TidBITS
- MultiCD - Create a MultiBoot Linux Live USB
- Doc Searls Weblog · The GDPR’s biggest fail
- Cultural Approaches to Transformations
- 9 Types of Digital Security Risks | securitywing
- 1. Data risk
2. Cybersecurity risk
3. Reputational risk
4.Talent shortage and cultural risk
5.Privacy risk
6. Third-party risk
7. Technology risk
8. Artificial intelligence risk
9.compliance risk
- How GitOps Raises the Stakes for Application Security
- How to Talk to Senior Executives About Cybersecurity - Security Boulevard
- 1. Align with business goals
2. Use Visualizations
3. Quantify
4. Show trends
- Reporting Cyber Threats: Executives at Risk - Security Boulevard
- Run Scripts on Remote Employee Workstations & Laptops - JumpCloud
- Webinar Recap: Re-Think your PKI: Build, Buy or Bring in Reinforcements - Security Boulevard
- Luckily, you’ve got options to stand up and manage a modern PKI:
Traditional In-House PKi: Deploy and manage your own PKI internally, using internal infrastructure and staff to run it
Managed In-House PKI: Deploy PKI in-house and bring in help from a third-party provider for additional expertise and oversight.
PKI as-a-Service/Managed PKI: Use a third-party service provider to deploy, manage, and host your PKI infrastructure in the cloud
- Worst (and best) Practices for Giving Online Speeches | The Notes Guy in Seattle
- An Information Security Glossary of Terms | Daniel Miessler
- How Cloud-init can be used for your Raspberry Pi homelab | Opensource.com
- How to create and manipulate tar archives using Python - LinuxConfig.org
- OMG! Run for the hills! FIVE new Windows zero-days published @ AskWoody
- https://cset.georgetown.edu/wp-content/uploads/CSET-A-National-Security-Research-Agenda-for-Cybersecurity-and-Artificial-Intelligence.pdf
- FaradaySEC | Multiuser Pentest Environment
- Exploring OSQuery With Jupyter – JerryGamblin.com
- Nishang - Offensive PowerShell For Red Team, Penetration Testing And Offensive Security
- Nishang
- GitHub - jaeles-project/jaeles: The Swiss Army knife for automated Web Application Testing
- Web Hacker's Weapons - A Collection Of Cool Tools Used By Web Hackers
- Build support for open source in your organization - Microsoft Security
- Success in security: reining in entropy - Microsoft Security
- Cybersecurity best practices to implement highly secured devices - Microsoft Security
- How to Audit Web Applications & Servers with Tishna « Null Byte :: WonderHowTo
- 8 Top Free and Open source Desktop GIS mapping software | H2S Media
- What to do if you think you'll be laid off - The Silicon Underground
- Percona Managed Database Services
- The Best Free Homeschool Printables and Templates for Parents
- GoboLinux - the alternative Linux distribution
- How To Write Log Files In RAM Using Log2ram In Linux - OSTechNix
- Everyone in InfoSec Should Know How to Program · System Overlord
- Windows DNS Server Denial of Service vulnerability | Born's Tech and Windows World
- Wells Fargo cannot follow its own phishing security advice – Jason Pearce
- Machine Learning 101: Outliers introduction – Marksei
- Windows 10 Search Cheat Sheet: Shortcuts and Tips to Know
- The Raspberry Pi Hub: 45+ Tips, Tricks, Tutorials, and Guides
- Bolt Depot - Fastener Information - Terminology, Measurement, Materials and more
- ZRAM Boosts Raspberry Pi Performance | Hackaday
- Raspberry Pi Performance: Add ZRAM and these Kernel Parameters
- Systemantics | Cool Tools
- This book made me
1) not worry about understanding a colossal system — you can’t, 2) realize I can change a system — by starting a new one, and
3) avoid starting new systems — they don’t go away.
-KK
- Deno
- Why CIS Benchmarks are Critical for Security and Compliance
- Jacqueline von Ogden
- HVAC Installation Cost 2019 - What's a Fair Price for a New Heating and Air Conditioning Installation?
- How to Avoid Fraud and Service Gaps While Building a Sustainable Contact Center Strategy for the Future | Pindrop
- CERIAS - Center for Education and Research in Information Assurance and Security - Purdue University
- Business Case Studies for CISOs | SANS Institute
- The Importance of C-Suite and Boards Engaging in Third-Party Cyber Risk Management
- How to Easily Set Up a DNS over TLS Resolver with Nginx on Ubuntu
- Passive Income Ideas: 35 Strategies to Boost Your Income In 2020
- Downeast Maine Pumpkin Bread | Allrecipes
- Flourless Chocolate Cake I | Allrecipes
- Flourless Chocolate Cake I | Allrecipes
- Hungarian Flourless Hazelnut Cake | Allrecipes
- Hungarian Flourless Hazelnut Cake | Allrecipes
- Irish Potato Candy | Allrecipes
- The Industrial Revolution 5.0 (or 6.0) — Symptom of Totally Incompetent Management at the European Patent Office | Techrights
- Freedom Is Not Possible Without Privacy | Techrights
- Oracle SQL Developer for the DBA Slides & Video – ThatJeffSmith
- Mitsubishi hackers may have stolen details of prototype missile
- Comprehensive Guide on Password Spraying Attack
- Framework for Managing Identity in Healthcare Introduced
- How CISOs Can Achieve Better Network Visibility
- Australia Digital Health Records System Attacked
- Toll Group Data Leaked Following Second Ransomware Incident
- With apologies to Oscar Wilde: "To suffer one ransomware outbreak may be regarded as a misfortune; to suffer two looks like carelessness."
- Cybersecurity Leadership: What’s Your 180-Day Plan?
- GAO: Chemical Plants Vulnerable to Cyberattacks
- Is China Making a Major Strategy Mistake? | Daniel Miessler
- Are There Such Things as Anti-Fragile Stocks? | Daniel Miessler
- Analysis of the 2020 Verizon Data Breach Report | Daniel Miessler
- Software Bill of Materials (SBOM) work at NTIA
- CERTIFICATIONS | NetSec OPEN
- The Need for Compliance in a Post-COVID-19 World
- 4. Are there any specific regulations that address remote work?
This March, NIST released a draft revision of NIST 800-124, Rev 2 Guidelines for Managing the Security of Mobile Devices in the Enterprise.
NIST also developed NIST 800-46 Rev. 2 Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security.
Both these NIST guidelines are mapped to applicable NIST SP 800-53 security controls and Cybersecurity Framework Version 1.1 functions, categories, and subcategories so you can check your compliance with these controls and update them as necessary.
- 60% of Insider Threats Involve Employees Planning ...
- More than 80% of employees planning to leave an organization bring its data with them. These "flight-risk" individuals were involved in roughly 60% of insider threats analyzed in a new study.
Researchers analyzed more than 300 confirmed incidents as part of the "2020 Securonix Insider Threat Report." They found most insider threats involve exfiltration of sensitive data (62%), though others include privilege misuse (19%), data aggregation (9.5%), and infrastructure sabotage (5.1%). Employees planning an exit start to show so-called flight-risk behavior between two weeks and two months ahead of their last day, the researchers discovered.
Most people who exfiltrate sensitive information do so over email, a pattern detected in nearly 44% of cases. The next most-popular method is uploading the information to cloud storage websites (16%), a technique growing popular as more organizations rely on cloud collaboration software such as Box and Dropbox. Employees are also known to steal corporate information using data downloads (10.7%), unauthorized removable devices (8.9%), and data snooping through SharePoint (8%).
- Unpatched Open Source Libraries Leave 71% of Apps ...
- Unpatched Open Source Libraries Leave 71% of Apps Vulnerable
PHP and JavaScript developers need to pay close attention because different languages and frameworks have different rates of vulnerability, research finds.
- Web Application Attacks Double from 2019: Verizon DBIR
- Cybersecurity Extends Far Beyond Security Teams & ...
- Announcing Oracle Solaris 11.4 SRU21 | Oracle Solaris Blog
- Burp Suite Professional for Web Application Security Part Two
- Burp Suite Professional for Web Application Security
- EPIC - PA Supreme Court Says State Can Fire Employee for Facebook Post
- called social media “the modern public square.”
- Linux security: 8 more system lockdown controls | Enable Sysadmin
- How to analyze disk space usage on Linux from the Terminal
- Booting ISO images, 2020 edition - Random notes from mg
- Turn your Raspberry Pi homelab into a network filesystem | Opensource.com
- Self Hosting with Raspberry Pi and Argo Tunnels - Nick - Medium
- Grafana 7.0 Released
- CCNA Training » JSON Tutorial
- PostgreSQL Shared Buffers vs free RAM - Blog dbi services
- RagnarLocker Deploys a Virtual Machine to Hide Ransomware
- Oracle Standard Edition on AWS ☁ socket arithmetic - Blog dbi services
- TL;DR: 4 vCPU count for 1 socket and 2 sockets count for 1 server wherever hyper-threading is enabled or not.
- Top STIG – Part 5 (Default Passwords) | Late Night Oracle Blog
- Warning: Infected Cookie Consent logo delivers Ransomware | Born's Tech and Windows World
- Minimalistic-offensive-security-tools - A Repository Of Tools For Pentesting Of Restricted And Isolated Environments
- Mom, You Can’t Post Pictures of My Child—Because GDPR - Security Boulevard
- How to Clear the Logs & History on Linux Systems to Cover Your Tracks & Remain Undetected « Null Byte :: WonderHowTo
- Security 101: Cross-Site Scripting
- Postel's law in development
- A look at how Jitsi became a ‘secure’ open-source alternative to Zoom
- Windows: Reverse RDP attacks in third-party software possible | Born's Tech and Windows World
- Key cybersecurity trends for 2020
- Cybersecurity best practices to help protect businesses
- How to Use VPR to Manage Threats Prior to NVD Publication
- Securing the cloud for healthcare
- How To Boot From USB Drive In Virtualbox In Linux - OSTechNix
- How to Set Up OpenStreetMap Tile Server on Ubuntu 20.04 - LinuxBabe
- How To Create Multiboot USB Drives With Ventoy In Linux - OSTechNix
- Percona users detail open source database challenges
- Hardening QEMU through continuous security testing
- Healthcare resource planning optimization built from the frontline
- Linux Fu: Alternative Shells | Hackaday
- Oracle’s Linux Team Wishes the Java Community a Happy 25th | Oracle Linux Blog
- Linux at Home: DIY security solutions for the home - LinuxLinks
- stup - Daily notes in the terminal
- Transfer speeds
- Raspberry Pi HAT offers up to 40W class D amp
- Scientists create a cyborg eye that mimics the real thing | Engadget
- Who invented the index fund? A brief (true) history of index funds
- Work From Home Productivity (15 Methods You Don't Normally Hear)
- Bans on Foreign Equipment in U.S. Critical Infrastructure - Lawfare
- U.S.-China Rivalry After COVID-19: Clues and Early Indications from Southeast Asia - Lawfare
- Reexamining the Solarium Commission’s Proposal for a National Cyber Director - Lawfare
- New Teensy 4.1 Arrives With 100 Mbps Ethernet, High-Speed USB, 8 MB Flash | Hackaday
- A More Open Raspberry Pi Camera Stack With Libcamera | Hackaday
- The Vaccine Factory Inside You: RNA Vaccine Basics | Hackaday
- Open MCT - Open Source Mission Control Software — Open MCT
- As I See It: COBOL In The Time Of COVID - IT Jungle
- Trends from the Trenches Digital - Part 2 - Live Panel | BioTeam
- Trends from the Trenches Digital - Part 1 - Keynote | BioTeam
- Share your keyboard and mouse between computers with Barrier - Raspberry Pi
- Setting up two-factor authentication on your Raspberry Pi - Raspberry Pi
- Notes from DEVOPS 2020 Online conference - Rule of Tech
- An empirical guide to the behavior and use of scalable persistent memory – the morning paper
- Understanding, detecting and localizing partial failures in large system software – the morning paper
- Troy Hunt: The Unattributable "db8151dd" Data Breach
- db8151dd
- MSP360 – Evolving Cloud Backup with AWS for Over a Decade | AWS News Blog
- TOGAF Certification: 5 Reasons Why You Should Do It – Technology
- Import OVA as Proxmox VM | It's full of stars!
- The Best Office Desk Chair for Back Pain and Posture: 9 Great Options
- 7 Naming Tips for Your Hardware Devices: Routers, USB Drives, and More
- Polyglot Club Official Website - Practice languages and find friends
- Introducing Coffee Break Languages - Coffee Break Languages
- OPSEC Is For Everyone, Not Just Those With Something To Hide - Pt 3
- OPSEC Is For Everyone, Not Just For Those With Something To Hide Pt. 2
- Why OPSEC Is for Everyone, Not Just for People with Something to Hide
- Employees Share an Average of 8 Passwords between Personal and Work Accounts, Survey Shows - Security Boulevard
- Windows File Auditing Log and more with FileAudit - Security Boulevard
- May Open Source Security Vulnerabilities Snapshot - Security Boulevard
- Ramsey Malware - Schneier on Security
- TEMPEST Comes To GNU Radio | Hackaday
- Dr. Anthony Fauci, Infectious Disease Slayer | Hackaday
- Windows Server: Disabling SSL 3.0, TLS 1.0, and TLS 1.1 | PeteNetLive
- DSHR's Blog: The Death Of Corporate Research Labs
- A Pulse Oximeter From Very Little | Hackaday
- Books You Should Read: The Boy Who Harnessed The Wind | Hackaday
- Crunching Giant Data From The Large Hadron Collider | Hackaday
- SSH, OATH OTP and LDAP – Stuff I'm Up To
- Top epidemiologist Marc Lipsitch on whether we're winning or losing against COVID-19 - 80,000 Hours
- Always-on Grafana dashboard using Raspberry Pi touchscreen | Logan Marchione
- Majority of CEOs lose sleep over cybersecurity worries
- SD cards are about to get insanely fast
- The hidden cost of GDPR data access requests
- Advanced Observability Teams See Big Efficiency Gains - Part 2 | APMdigest - Application Performance Management
- Advanced Observability Teams See Big Efficiency Gains - Part 1 | APMdigest - Application Performance Management
- Watchman - A File and Directory Watching Tool for Changes
- The Cyberspace Solarium Commission Makes Its Case to Congress - Lawfare
- An open source HTTP router to increase your network visibility | Opensource.com
- Problems with installing modules from the PowerShell Gallery - ivobeerens.nl
- What's in My Portfolio (and How I Manage It)
- 24 open source tools for the serverless developer: Part 1 : idk.dev
-
- Hackers Steal $10M in "Wonderfully Done" fraud from Norway’s State Investment Fund
- Sharingan - Offensive Security Recon Tool
- Sharingan
- BSidesSF 2020 - Brianne Hughes' 'How To Write Like It's Your Job' - Security Boulevard
- Cybersecurity and COVID: 5 Lessons - Security Boulevard
- Internet Exploiter: Understanding vulnerabilities in Internet Explorer
- It's Time to Broaden the Definition of a Vulnerability - Security Boulevard
- Patch Management Policies & Processes | Avast - Security Boulevard
- Guide: 21 OSINT Tools for Threat Intelligence - Security Boulevard
- Data Security and Threat Models - Security Boulevard
- BSidesSF 2020 - Clint Gibler's 'How To 10X Your Company’s Security (Without A Series D)' - Security Boulevard
- GitHub - sqitchers/sqitch: Sensible database change management
- How to create an Active Directory Domain on Windows Server 2019 - The Tech Journal
- A Brief Summary of NIST Password Guidelines | Enzoic
- DevSecOps Delivered: Automated GitHub Pull Requests
- Gain Early Access and Help Shape Our AI Risk Engine - Security Boulevard
- 5 CISO Priorities During the COVID-19 Response - Security Boulevard
- 1. Secure remote users.
2. Identify risk as quickly as possible.
3. Work nimbly.
4. Stay vigilant and educate against new phishing techniques.
5. Lean on AI.
- Infosec Professionals Are More Worried About Corporate Security than Their Own Home Security - Security Boulevard
- What organizational psychology teaches us about employee engagement | Opensource.com
- Microsoft Teams Shifts [Hands-On Tutorial]
- The Dramatically Changing Role of the CISO - Security Boulevard
- Healthcare organizations targeted with password spraying attacks - TechRepublic
- Staying SOC 2 Compliant with Remote Workers - JumpCloud
- In New Normal, Digital Transformation Accelerates in Industrial Networks - Security Boulevard
- Antivirus & Multiple Detections
- Understanding Cyber Resilience: The 4 Stages of a Breach - Security Boulevard
- Security: COVID-19 Is Changing How America Works - Security Boulevard
- very organization needs to …
Understand their remote access needs in terms of users, applications and resources to assess respective physical, virtual or user-based connection capacity and throughput.
Enterprises will need to determine if key applications and resources, whether on-premises or cloud, will require increased capacity during times of crisis and apply to an emergency capacity plan. If you have not mapped out a user, role, application and resource access policy and data protection obligations, don’t wait for this emergency to spur unauthorized access incidents.
Assess your licenses and capacity shifting options in advance and work in advance with security and IT vendors to ensure that you can add bandwidth capacity, as well as deploy software to handle burst load and added regional workforce shifts.
Having these provisions in place will allow greater flexibility and time to work through emergency access conditions, such as In Case of Emergency (ICE licenses) that automatically accommodates burst licenses and means to shift licenses among appliances.
Move from physical to virtual and cloud secure access. Many secure access vendors now have physical appliance ordering backloads or regional and country fulfillment limitations that can take months before deployment and configuration tuning can commence. If the opportunity presents itself, move to virtual and cloud appliances and clientless mode to realize more rapid on-demand implementation and scale options.
Don’t wait to communicate and invoke an endpoint security policy. Enforcing endpoint compliance and offering self-remediation capabilities will reduce phishing, ransomware and other threats introduced by increased remote users and potential at-risk device use.
Don’t assume scalability from your next-generation firewall: Some organizations have activated SSL-VPN functions within their next-generation firewall (NGFW). While NGFW offers basic tunneling services, the SSL decode and tunnel management do impact NGFW performance. As companies expand the number of people remotely connecting to network and cloud resources from home, the sheer transaction volume will require a significant and often costly increase in NGFW capacity—including the purchase and management of more NGFW appliances and licenses. Consider dedicated VPN solutions that overcome emergency capacity, scale and management challenge, but typically offer a broader array of application support and endpoint security options.
Support global load balancing and application delivery controller technology so that users are directed where resources are best available that ensure consistent user experience and application responsiveness.
Enable mobile device security options to accommodate broader corporate and personal device use that can provide for more flexible access while ensuring these devices meet corporate security policy and safeguard sensitive data.
Allow capabilities that simulates being on-premises, which often include Layer 3 access to a specific subnet, HTML5 access to local machines or virtual desktop infrastructure. This allows privileged users and service technicians emergency means to allow for full troubleshooting or make necessary system changes.
- UK Power Grid Network Middleman Struck by Digital Attack
- NIST Introduces Framework for Secure Software Development - Security Boulevard
- Cloud Series: Authorize Anyone, Anything with Macaroons - Security Boulevard
- Great Minds Think Alike: Aligning Security With Business Priorities - Security Boulevard
- 3-2-1 Backup Rule: The Rule of Thumb to Solve Your Data Loss Problems - Hashed Out by The SSL Store™
- DigitalOcean Accidentally Leaks Customer Data - Security Boulevard
- The Definitive Cyber Security Statistics Guide for 2020 - Hashed Out by The SSL Store™
- Cloud LDAP for MSPs - JumpCloud
- Avoiding healthcare vendor compliance nightmares with third-party remote access best practices - SecureLink
- Data Classification: Protecting Sacred Data in the Cloud - Security Boulevard
- Green data: A quick reputation hit—likely related to publicly available data or confidential company records.
Yellow data: Issuing a breach notification because sensitive customer data has been exposed.
Red data: Major news cycle, extreme fines, loss of customer confidence and trust, potential loss of more than 50% of revenue, all the way to a company extinction-level event.
- 4 Major Signs You Need to Focus on Network Vulnerabilities - Blog | Tenable®
- #1. It's been a while since you’ve performed an assessment
#2. The IT budget is short on security
#3. Observable unawareness of cybersecurity among staff
#4. Disorganized accounts
- The 15 Best Hacking Apps for Android Device in 2020
- May Device Threat Report - Security Boulevard
- Kubernetes Autoscaling Explained - Top 3 Methods - Security Boulevard
- 1. Pod Replica Count
2. Cluster Autoscaler
3. Vertical Pod Autoscaling
- Understanding What's Happening In Your Directory - JumpCloud
- How could artificial intelligence help in avoiding data breaches? - Security Boulevard
- Report: More Unknown Devices on Corporate Networks - Security Boulevard
- Quick Tip #4 - Dshell - Security Boulevard
- 5 Ways to Protect Scanning Credentials for Linux, macOS and Unix Hosts
- Choosing the Right Architecture for Your Nessus Agent Deployment - Blog | Tenable®
- Tenable Bolsters Container Security to Capture Open-Source Vulnerabilities
- CVE-2020-2883: Oracle WebLogic Deserialization Vulnerability Exploited in the Wild - Blog | Tenable®
- 5 Ways to Protect Scanning Credentials for Windows Hosts - Blog | Tenable®
- BSides Knoxville 2020 - Alyssa Miller's 'Reality Lost: Deepfakes Changing The Face of Attacks' - Security Boulevard
- Set Up Your Own WireGuard VPN Server on Debian - LinuxBabe
- How to Stop Phishing Attacks | BizTech Magazine
- X-Force IRIS Overcomes Broken Decryption Mechanism in Jest Ransomware
- Why organizations shouldn't automatically give in to ransomware demands - TechRepublic
- Chris's Wiki :: blog/sysadmin/ManyNFSFilesystemsWhy
- Chris's Wiki :: blog/solaris/ZFSGuaranteeFreeSpace
- SSH Authorized_Keys and LDAP – Stuff I'm Up To
- Coronavirus-themed attacks May 10 – May 16, 2020 - Security AffairsSecurity Affairs
- Security-business alignment hinges on shared definitions of security
- Rational Security
- Are we ready for Cloud Workspaces? - ShiftLeft Blog
- TL;DR - Yes, we are getting there, and we ❤️ them already!
- ShiftLeft Scan ❤️ GitHub - ShiftLeft Blog
- Summary: Capital and Ideology | Daniel Miessler
- Daniel Miessler - "Inequality manifests itself in identifiable patterns throughout history, and it’s possible to identify those patterns, and to counter the forces that lead to them by creating a political system that’s inclusive and participatory by design."
"We used to be heavily focused on three basic levels of society: workers, soldiers, thinkers, and these three can be seen repeating for millennia throughout history"]
- UK Supercomputing Service ARCHER Still Offline ...
- As Businesses Rush to the Cloud, Security Teams ...
- Office Cyber Security and COVID-19: Are You Prepared? - Delta Risk
- 1. Physically check all equipment and devices
2. Segment users until in compliance
3. Use automated tools to validate compliance
Preparing for the Future of Office Cyber Security and COVID-19
Processes
How long did it take you to transition to working effectively as a remote employee?
When working remotely, is the way you work impacted significantly?
Do you know who to call if you have a technical issue? Are those calls or emails answered promptly?
Are lines of communications to your supervisors, co-workers, and subordinates open?
Are there any tasks that you’re unable to do from home? How could we fix this going forward with technical solutions or changes to our existing processes?
Technology
Was your home Internet access adequate to conduct work as you were accustomed?
Did you have to take any office equipment home to do your work?
Are you doing any company work on any personal equipment (laptop, home computer, printer, computer monitor, etc.)?
What technology or equipment makes working at home easier?
What technology or equipment do you miss most from the office?
If you could add one thing to your home office, what would it be?
Are you able to access all required network resources?
Was it difficult to set up your home office for work tasks?
Did you know what equipment you needed to set up for work from home?
- HITRUST hopes vendor-risk tool can help health care during pandemic
- How To Configure a Shared Mailbox in Office 365. – TDSheridan Lab
- Performance Testing Strategy for Digital Enterprise Platforms | APMdigest - Application Performance Management
- Configuring Windows Firewall Rules with PowerShell | Windows OS Hub
- Democratising Enterprise Storage Pricing - Architecting IT
- Moving to Unstructured Data Stores - Architecting IT
- On the radar: An exploit for CVE-2020-1048, Windows Print Spooler elevation of privilege @ AskWoody
- CVE-2020-1048
- Security incident at the Santander Bank website in Belgium | Born's Tech and Windows World
- DevSecOps Leadership Forum: 500 Innovators Learning from Shared Experiences
- Why diagrams are critical to your open source project documentation | Opensource.com
- DSHR's Blog: Economics Of Decentralized Storage
- New HCL Notes, Domino, & Connections content is back on Domino! | The Notes Guy in Seattle
- Erman Arslan's Oracle Blog: OBIEE - Exadata - GRID -- Two tips on OBIEE Patching and Grid Patching/Upgrade
- How to Use GhettoVCB to Back up Your VMs
- Terence Luk: Troubleshooting slow Windows VDI logon performance with Citrix Director and Windows Event Logs
- Azure Cloud Shell - For Real! - Cloud for the win!
- Cloud Governance - The Best Way - Cloud for the win!
- Right Tool For The Job - Cloud for the win!
- Building a Multi Regional Web Application with Azure Front Door - Cloud for the win!
- Check CVE-2020-1048 with AutoRuns | >_
- BackBox Linux 7 released! - BackBox.org Blog
- Simple Dialer is a free, open-source alternative to your default phone app
- How to Redial Busy Phone Lines Automatically on Your iPhone or Android Phone « Smartphones :: Gadget Hacks
- Brane Dump: Private Key Redaction: UR DOIN IT RONG
- Commands To Check Bad Sectors On Hard Disk In Linux – Itsubuntu.com
- Encrypt a USB stick | dt.iki.fi
- Mandrake – owning Android devices since 2016 – Bitdefender Labs
- How to create a bridge network on Linux with netplan - TechRepublic
- How to Remote Control Your Raspberry Pi Camera from the Web | Tom's Hardware
- How to Install Parse Server with dashboard on Ubuntu 20.04 – TecAdmin
- How to Build a Raspberry Pi Motion Sensor - IoT Tech Trends
- Paging for Fun and Profit | byterock [blogs.perl.org]
- Best Notepad++ Alternatives for Linux – Linux Hint
- linuxium.com.au: How to create an ISO that mimics the installed packages from an ISO or those locally installed using 'isomimicpkgs.sh'
- Jaffar's (Mr RAC) Oracle blog: Migration methods to Autonomous Database (ADB) - Part IV (DBMS_CLOUD.COPY_DATA)
- Pretty Print Relative Dates in Python | levlaz лев 列弗
- Brazil and Mexico report record surge in coronavirus cases as Latin America reels - Japan Today
- Virus-isolated silver surfers ride a new tech wave - Japan Today
- How Has Russia Responded to COVID-19? - Lawfare
- Doc Searls Weblog · Will our digital lives leave a fossil record?
- Statsfs: A New RAM-Based File System For Linux Kernel Statistics
- Sysadmin security: 8 Linux lockdown controls | Enable Sysadmin
- In a new course this fall, students will create and study the history of digital fakes | The Daily Pennsylvanian
- Elizabeth Scheyder
- davy wybiral: Raspberry Pi 4 Complete Guide
- How to connect to CentOS 8 Desktop from Windows using RDP protocol
- 802.11n AP <-> Client Kick-Off Script (Py) – Jon's FOSS Blog
- Find Linux System Hardware Information With Hwinfo - OSTechNix
- How to Quickly Launch Ubuntu Virtual Machine with Multipass
- Ask iFixit: I Spilled Liquid on My Laptop—Now What?
- ALGOL 60 at 60: The greatest computer language you've never used and grandaddy of the programming family tree • The Register
- Python Scripting For Ethical Hacking Part 1 – ls /blog
- Suddenly Remote: What the Open Source Community Can Teach Us - InformationWeek
- Communication
Resiliency
Overcoming tone deafness
No sacred cows
- Caesar III open source game engine 'Julius' has a new release | GamingOnLinux
- What’s in a New Bill to “Warn” Americans Downloading Foreign Apps? - Lawfare
- Reviving a QIC tape backup solution from 30 years ago | Matt's Tech Pages
- Of course, Oracle Clusterware is certified on OL8/RHEL8 as well
- 4 Tips to “Quarantine” the Latest Ransomware Threats | Pivot Point Security
- One: Secure Your Endpoints
Two: Keep Your Staff Aware
Three: Apply Patches
Four: Bring in the Big Guns – Hire a Professional
- How Including a Standardized Control Assessment in Your ISO 27001 Internal Audit Can Pay Huge Dividends for SMEs | Pivot Point Security
- Group Behind WannaCry Now Using New Malware - HealthcareInfoSecurity
- Ensuring Business Continuity in Times of Crisis
- AMA issues new principles to restore trust in data privacy | American Medical Association
- Expert released PoC exploit for CVE-2020-1967 DoS flaw in OpenSSLSecurity Affairs
- CVE-2020-1967
- Lateral Movement: Pass the Hash Attack
- CISSP vs. Master’s Degree – Please Take a Neutral Corner!
- Errata Security: CISSP is at most equivalent to a 2-year associates degree
- Global Ransomware and Cyberattacks on Healthcare Spike during Pandemic – Bitdefender Labs
- Security 101: Two Factor Authentication (2FA) · System Overlord
- Oracle Database Appliance: which storage capacity to choose? - Blog dbi services
- PrintDemon – patch this ancient Windows printer bug! – Naked Security
- Understanding Vulnerability Scoring: CVSS Explained
- How to get security clearance and win more contracts
- ABCs of UEBA: O is for OUTLIER | Gurucul UEBA
- Kali Linux OVA for Air-Gapped Use Build Process | slice2
- 4 GDPR Violations that Multiple Companies have been Fined for - Security Boulevard
- Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe
- Security Architects Partners Posts | Trusted IT Consulting
- Operational Thoughts in Trying Times
- Jaffar's (Mr RAC) Oracle blog: Migration methods to Autonomous Database (ADB) - Part III (SQL Developer)
- Python Software Foundation News: Capital One - Lessons From Adopting Python as a Team
- Setting up Network Bound Disk Encryption(NBDE) on CentOS 8 - James
- Putting container updates on a diet – Alexander Larsson
- BleachBit - Spring cleaning all year long
- How to Present in an online meeting like a CHAMPION
- Sodinokibi ransomware uses MS API to encrypt open and locked filesSecurity Affairs
- SilverTerrier gang uses COVID-19 Lures in BEC attacksSecurity Affairs
- SilverTerrier
- Samsung's PCIe 4.0 SSDs come in a range of new form factors | Engadget
- After 5 Years, Finnix 120 Released: One Of The Oldest System Rescue Linux Distros
- Use Raspberry PI as your personal web crawler with Python and Scrapy - peppe8o
- Ransomware attack targeted Texas state court system - HoustonChronicle.com
- Texas high courts hit by ransomware attack, refuse to pay - ABC News
- Texas court IT hit by ransomware | News | The Legal Description
- How To Find Hard Disk Data Transfer Speed In Linux - OSTechNix
- https://www.engadget.com/hackers-21-million-ransom-celebrity-lawyer-064511797.html
- CPRA's top-10 impactful provisions
- California Privacy Rights Act
The CPRA is truly an omnibus data protection law, modeled on the EU General Data Protection Regulation, and would create a much broader set of privacy rights and obligations than the CCPA.
.5. Entry into force January 2023 with look back to January 2020
1. Sensitive data: New definition, limits on use and sharing, mandated link or respect of global opt-out
2. New enforcement agency: California Privacy Protection Agency
3. Expanded breach liability: Definition now includes email/password combos
4. Audits and risk assessments: To be prescribed through regulation for high-risk processing
5. Automated decision-making and profiling: Restrictions for certain industries
6. Data correction: New consumer rights
7. Children’s data: Strengthened opt-in rights and enhanced penalties for violations
8. Data retention: Necessity-based limitations
9. Employee data: Expanded moratorium
10. Service provider/contractor/third party: New obligations and clarifications
- Are IP addresses 'personal information' under CCPA?
- [Part 2] Interactive and transferrable code risk visualization – DiabloHorn
- Pitney Bowes Battles Second Ransomware Attack
- CISO stress-busters: post #1 overcoming obstacles - Microsoft Security
- How to Gather Information on PostgreSQL Databases with Metasploit « Null Byte :: WonderHowTo
- 6 Free Cybersecurity Training and Awareness Courses
- Researchers Analyze Oracle WebLogic Flaw Under Attack
- Celebrity personal data taken in ransomware attack – Naked Security
- The Ultimate List of SANS Cheat Sheets | SANS Institute
- DDoS attacks in Q1 2020 | Securelist
- Healthcare giant Magellan discloses data breach after ransomware attackSecurity Affairs
- STAMINA, a new approach to malware detection by Microsoft, IntelSecurity Affairs
- STAtic Malware-as-Image Network Analysis (STAMINA)
- The Santa Clara Principles During COVID-19: More Important Than Ever | Electronic Frontier Foundation
- #CQLabs – How UAC bypass methods really work by Adrian Denkiewicz | CQURE Academy
- Maxfield Chen - Proxying Unaware Thick Clients
- GitHub - salesforce/cloudsplaining: Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report with a triage worksheet.
- You should be working asynchronously (async) | Remote.com Blog
- Asynchronous Communication: What It Is & Why You Should Care About It
- FTC Assessing Whether Its Health Data Breach Rule Is Stale
- Cognizant: Ransomware Attack Expense at Least $50 Million
- BSides NoVA 2020 - 1430 - Vulnerability Management; Let's talk Vulnerability Chaining - YouTube
- BSides NoVA 2020 - 1100 - Voight-Kampff for email addresses - YouTube
- DIY Decking makeover
- Exegol - Exegol Is A Kali Light Base With A Few Useful Additional Tools And Some Basic Configuration
- Empowering your remote workforce with end-user security awareness - Microsoft Security
- Oracle Linux 8 (OL8) : Vagrant and Docker builds for 19c Database | The ORACLE-BASE Blog
- Building a Shelly 2.5 USB to TTL adapter cable | die-welt.net
- Serial communication on modern Linux | Opensource.com
- Wifipumpkin3 - Powerful Framework For Rogue Access Point Attack
- One Tool to Rule Them All - Security Boulevard
- Mayhem Moves to Production with the Department of Defense - Security Boulevard
- Australian Transport Company Hit with Nefilim Ransomware Months after a Maito Ransomware Attack - Security Boulevard
- These Are The Top 10 Most Exploited Vulnerabilities In Past 3 years
- Homemade Corn Shnitzel Recipe -- Gluten Free, Vegan, Frugal, and Delicious | Penniless Parenting
- PowerShell 7 Video Series | PowerShell
- Health Data Breach Update: What Are the Causes?
- COVID-19: 3 Future Scenarios - HealthcareInfoSecurity
- OneFS 8.2 firmware improvement: isi_upgrade_helper - FastStorage
- Oracle Database 19c is certified on OL8 and RHEL8
- Oracle Materialized View Refresh : Fast or Complete ? - Blog dbi services
- Improve Your Tests With the Python Mock Object Library – Real Python
- Oracle Linux 8 (OL8) : Updates – UEK6, Podman, Database 19c Certification | The ORACLE-BASE Blog
- Jaffar's (Mr RAC) Oracle blog: Migration methods to Autonomous Database (ADB) - Part II (MV2ADB)
- Jaffar's (Mr RAC) Oracle blog: Migration methods to Autonomous Database (ADB) - Part I (Data Pump)
- How to Create a Team, Channel and SharePoint Site to Collaborate with Clients
- Dynamically Reset Those Tiny BlackArch Linux Terminals | slice2
- [blackarch ~]# printf ‘\e[8;20;90t’
[blackarch ~]# printf ‘\e[8;30;90t’
[blackarch ~]# printf ‘\e[8;40;90t’
[blackarch ~]# printf ‘\e[8;50;95t’
[blackarch ~]# printf ‘\e[8;40;100t’
- Infosecurity.US - https://infosecurity.us - BSides Knoxville 2020, Adam Compton's 'A Hillbilly's Guide To Staying Anonymous Online'
- Do not trust any public VPN service, Create your own Secure SOCKS5 Proxy for just $5 – Techno Chat|Tech Blog!!
- Remembering WannaCry | Avast - Security Boulevard
- Backing Up VCSA in vSphere 7 – Notes from MWhite
- How to install MABS (Microsoft Azure Backup Server) and use it to protect on-premise virtual machines - Blog dbi services
- An open source camera stack for Raspberry Pi using libcamera | ブログドットテレビ
- Cyber Command Needs New Acquisition Authorities - Lawfare
- Go back in time with a Raspberry Pi-powered radio - Raspberry Pi
- What one cybersecurity company has learned from responding to Maze ransomware
- Track Your Screen Time in Linux with ActivityWatch
- Open source algorithms for network graph analysis help discover patterns in data - Help Net Security
- Nmap Basics - The Security Practitioner's Swiss Army Knife
- Citizen DJ / Homepage
- I made a Radio Time Machine that covers 100 years (10 decades) of music, from the 1920s to the 2020s. Each decade has its own Spotify playlist, with on average 500 songs from that decade that are played randomly. I used a Pi 4, Arduino Nano, and Mopidy library. [Repost in landscape mode] : raspberry_pi
- I is for Introvert (Shallow Thoughts)
- How to Use Loops in Ansible Playbook
- Lnav Log Files Navigator Helps You Analyze Log Files in a Mac OS or Linux Terminal
- Excellent Utilities: Watson - CLI tool to track time - LinuxLinks
- The Lars, Mark, and Daniel Club
- Intel and Penn Medicine are developing an AI to spot brain tumors | Engadget
- Find If A User Is Using Password-based Or Key-based SSH Authentication
- Thunderbolt port flaw lets hackers steal your data | Engadget
- Any PC Manufactured Before 2019 Is Vulnerable To 'Thunderspy' Attack
- Learn at home: a guide for parents #2 - Raspberry Pi
- Handle DB-Links after Cloning an Oracle Database - Blog dbi services
- Running a Medical Practice on Open Source
- Chris's Wiki :: blog/sysadmin/OurFileserverScale-2020-05
- Working from home – Is it negotiable? – Scott Gruby's Blog
- Women are better at cybersecurity than men
- Make your router reboot automatically when internet connection is lost
- EARN IT: Privacy, Encryption, And Policing In The Information Age | Hackaday
- Inputs Of Interest: I’m Building An ErgoDox! | Hackaday
- Need a USB cable? Build one! – Josef Adamčík
- Mystery Inflammatory Syndrome In Kids And Teens Likely Linked To COVID-19 : Shots - Health News : NPR
- Hospitals Lose Money During Pandemic; Healthcare Workers Face Layoffs, Cut Hours : NPR
- AWS Networking 101 « ipSpace.net blog
- 'SideScanning' technology offers deeper multi-cloud visibility
- Random thoughts of Ebenezer: Toilet roll roller
- Everyone’s Afraid | Don Jones®
- Portable MRI Machine Comes To The Patient | Hackaday
- Ask Hackaday: Wink Hubs, Extortion As A Service? | Hackaday
- What Will You Do With An Extra 1.2 Gigahertz? | Hackaday
- Keeping IT Support Human during WFH - Code as Craft
- Doc Searls Weblog · Choose One
- Great lessons from great women
- “There are two kinds of people, those who do the work and those who take the credit. Try to be in the first group; there is less competition there.” – Indira Gandhi,
“To me success means effectiveness in the world, that I am able to carry my ideas and values into the world — that I am able to change it in positive ways.” – Maxine Hong Kingston,
“You know, failure hurts. Any kind of failure stings. If you live in the sting, you will undoubtedly fail. My way of getting past the sting is to say no, ‘I’m just not going to let this get me down.’” – Sonia Sotomayor,
“Failure is an important part of your growth and developing resilience. Don’t be afraid to fail.” – Michelle Obama
“If your dreams do not scare you, they are not big enough.” – Ellen Johnson Sirleaf,
“My object in life is not simply to make money for myself.” – Madam C. J. Walker,
“If you look at what you have in life, you’ll always have more. If you look at what you don’t have in life, you’ll never have enough.” – Oprah Winfrey
“No one has ever become poor by giving.” – Anne Frank
“You can only become truly accomplished at something you love. Don’t make money your goal. Instead, pursue the things you love doing, and then do them so well that people can’t take their eyes off you.” – Maya Angelou,
“Power is not given to you. You have to take it.” – Beyoncé
“We teach girls to shrink themselves, to make themselves smaller. We say to girls: You can have ambition, but not too much. You should aim to be successful but not too successful, otherwise you will threaten the man. If you are the breadwinner in your relationship with a man, pretend that you are not, especially in public, otherwise you will emasculate him.” – Chimamanda Ngozi,
“We as women should shine light on our accomplishments and not feel egotistical when we do. It's a way to let the world know that we as women can accomplish great things!” – Dolores Huerta,
- Uncle Sam to agencies: No encrypted DNS for you! – Naked Security
- ILOVEYOU: The Love Bug virus 20 years on – could it happen again? – Naked Security
- U.S. unemployment surges to a Depression-era level of 14.7% - Japan Today
- This week, the Bank of England projected that Britain will see its biggest annual economic decline since 1706, when the European powers were embroiled in the War of the Spanish Succession.
- Did Former Green Berets Violate the 1794 Neutrality Act by Invading Venezuela? - Lawfare
- Doc Searls Weblog · Reality 2020.05.08
- AppSec_Best_Practices_vs._Practicality.pdf
- How the Spanish flu of 1918-20 ravaged Japan - Japan Today
- "Sumo Kaze" (sumo cold)
- Unix and Adversarial Interoperability: The ‘One Weird Antitrust Trick’ That Defined Computing | Electronic Frontier Foundation
- The Technium: 68 Bits of Unsolicited Advice
- MS-Teams on Windows Server: Keep an eye on your RAM | Born's Tech and Windows World
- Chris's Wiki :: blog/linux/SoftwareRaidResyncOnSSDs
- Chris's Wiki :: blog/linux/Ubuntu2004ISOAutoinst
- Learn How To Configure Windows Server 2019 Active Directory
- ChaosSearch 2.0 Introduced | APMdigest - Application Performance Management
- How to Refresh AD Groups Membership without Reboot/Logoff? | Windows OS Hub
- #for the local computer
klist -li 0:0x3e7 purge
#For the user
klist purge
#Ticket Granting Ticket
klist tgt
- Top 5 Trends, Insights and Recommendations to Plan your Enterprise WAN for 2020 and Beyond | APMdigest - Application Performance Management
- 1. OPERATIONAL COMPLEXITY IS THE BIGGEST HURDLE TO WAN TRANSFORMATION
2. SAAS ADOPTION IS GROWING; MULTI-CLOUD NETWORKING IS BECOMING TABLE STAKES
3. PERFORMANCE, SECURITY AND USER-EXPERIENCE ARE TOP OF MIND. WAN OPTIMIZATION IS STILL POPULAR
4. BARRIERS TO SCALING SD-WAN INCLUDE PERFORMANCE ISSUES, DIY COMPLEXITY AND COST CONCERNS
5. MANAGED SD-WAN IS SEEING A SIGNIFICANT UPTICK GLOBALLY
- My Rubrik Forward 2020 Session Picks - Wahl Network
- Planning Ahead for a Secure SAP S/4HANA Migration
- As Remote Work Becomes the Norm, Security Fight ...
- Threat-Modeling Basics Using MITRE ATT&CK
- Using Nmap As a Lightweight Vulnerability Scanner
- [Part 1] Experimenting with visualizations and code risk overview – DiabloHorn
- Today, More Than Ever… | Diary of a Network Geek
- So, like I promised, things are getting weird. Next week, I’ll be in the office a bit. My co-worker and I are coming in every other day, to try and help keep the potential for exposure to COVID-19 to a minimum for us. I pray that it goes well.
- Lateral Moment on Active Directory: CrackMapExec
- Impacket Guide: SMB/MSRPC
- Back to Work After Lockdown: Cyber Risks of the Post-Pandemic Era
- Belgian DPA Sanctions Company for Non-Compliance with the GDPR’s DPO Requirements | Privacy & Information Security Law Blog
- Testing Medical Device Security During COVID-19 Crisis
- How to Turn Your Raspberry Pi into a Wireless Access Point
- US defence agency targets Android privacy - Mobile World Live
- Can you connect as SYSDBA without password into a PDB directly?
- The Tools Hackers Are Using Against Your Oracle Database | Integrigy
- Qemu 5 was recently released | Fun with virtualization
- Traceroute: Introduction and Troubleshooting Tips
- VyOS from Scratch – Edition 1 – blog.kroy.io
- Windows 10 Version 2004 release between 26th & 28th May | Born's Tech and Windows World
- Fresenius probably victim of a Snake Ransomware attack | Born's Tech and Windows World
- Syslog-ng on the edge - Blog - syslog-ng Community - syslog-ng Community
- 5 open source tools IT leaders should know about now | The Enterprisers Project
- Excellent Free Tutorials to Learn ABAP - LinuxLinks
- How to setup Apache Tomcat cluster with 3 Nodes on Ubuntu
- Doc Searls Weblog · Figuring the future
- Zoom acquires security startup Keybase to offer end-to-end encryption | Engadget
- Microsoft Cult-Like Tactics Destroy Hospitals by Ripping Apart Everything Microsoft (and the NSA) Cannot Control | Techrights
- Linux stories: When backups saved the day | Enable Sysadmin
- Second wave of coronavirus infections feared around world - Japan Today
- GoDaddy confirms security breach affecting 28,000 hosting accounts | Engadget
- Input Output & Error Redirection in Linux [Beginner's Guide]
- The 25 Best Open Source Security Tools To Protect Your System
- Metasploit
Nmap
OSSEC
OWASP ZAP
Security Onion
OpenVAS
Wireshark
Nikto
W3af
Wapiti
CipherShed
Wfuzz
OSQuery
SonarQube
Snort
VeraCrypt
Moloch
Aircrack-ng
Tcpdump
SQLMap
Zeek
Kali Linux
GRR – Google Rapid Response
Grabber
Arachni
- SSH Tunnel - Local, Remote and Dynamic Port Forwarding | Jakub Arnold Blog
- Deep Dive into Kerberoasting Attack
- Kaiji - a new strain of IoT malware seizing control and launching DDoS attacks - Bitdefender BOX Blog
- Designing Firmware Resilience for 3 Top Attack Vectors
- Openstack RDO && KVM Hypervisor: Just another KVM setup on Deepin 20 Beta
- Top STIG – Part 4 (Encrypted Transmission and PKI) | Late Night Oracle Blog
- Ansible Collections: init · Tomáš Tomeček
- Print your own laboratory-grade microscope for US$18 | EurekAlert! Science News
- Essential Hotkeys for Ubuntu 20.04 Beginners
- Leary's Rose - YouTube
- Interpersonal circumplex - Wikipedia
- Recover data from Azure backup - Blog dbi services
- Upgrade Testing with a Refreshable PDB - does this work?
- GAO: HHS Has Failed to Act on Security Recommendations
- 2020 Berkshire Hathaway Annual Shareholder Meeting Video, Transcript, and Notes — My Money Blog
- How to Use Apple AirPods in Debian | levlaz лев 列弗
- SAP Finds Cybersecurity Shortfalls With SuccessFactors, Concur - Bloomberg
- "said several of its cloud-computing products do not meet the company’s cybersecurity standards."
- Java Heap Space Error During IntelliJ Gradle Plugin Build | levlaz лев 列弗
- How to Get CPU Temperature on Ubuntu Linux
- 7 Tips for Security Pros Patching in a Pandemic
- Is a Major Change to Military Justice in the Works? - Lawfare
- Getting Started With Basic Google Searches - Black Hills Information Security
- Love Bug's creator tracked down to repair shop in Manila - BBC News
- It was 20 years ago today... The Love Bug remembered
- What's the best long-term investment?
- Firewall Change Tracker for Network Security Admins (and it’s free) - Security Boulevard
- Self-teaching a little security thinking – Cryptosmith
- Hey Remote Worker! You Better be Using Email Best Practices - Phoenix TS
- Explain Like I’m 5: Remote Desktop Protocol (RDP) - Security Boulevard
- 3 Benefits of Going Domainless - JumpCloud
- How to Become a World-Class CISO - Hysolate
- Quotable Quotes - Security Boulevard
- The Critical Role of SSL Inspection to Avoid Secure Malware Delivery - Security Boulevard
- 7 Cyberattacks Against Pandemic-Stressed Healthcare Orgs - Security Boulevard
- Happy Developers Produce More Secure Software, Better Business Outcomes - Security Boulevard
- Healthcare devices at higher cybersecurity risk now due to coronavirus - TechRepublic
- How to Manage Windows Services with PowerShell? | Windows OS Hub
- Sysadmin Stories: vSphere 7 Local Disk Fresh Install and VMFS-L
- COBOL programmers -- your time may have come
- J-B Wood Restore Premium Epoxy Putty | Cool Tools
- The Lost Art Of Component Scavanging | Hackaday
- Using Valgrind To Track Down Known And Unknown Bugs In Your Code | Hackaday
- Greatest Keycaps And Where To Find Them | Hackaday
- 60% keyboard with MX blue
- Easy and Delicious Chicken Sosaties Recipe- Afrikaans Skewered Meat Dish, South African and Namibian Shish Kebabs, Without Apricots | Penniless Parenting
- Sosaties
- ESP8266 Adds Web Control To Old Home Theater | Hackaday
- Now You Can Be Big Brother Too, With A Raspberry Pi License Plate Reader | Hackaday
- Coronavirus FAQs: What Is A Pulse Oximeter? Why Are So Many People Buying One? : Goats and Soda : NPR
- What is Microsoft Azure Sphere? Everything you need to know - TechRepublic
- Flashing Sonoff Devices With Tasmota Gets Easier | Hackaday
- The Best Google Search Cheat Sheet: Tips, Operators, and Commands to Know
- VMware vSphere 7 Review - Evolution or Revolution?
- 22 VMware Certification Questions Answered
- The Lazy Admin's Guide to Site Recovery Manager and PowerCLI
- Hackers breach LineageOS servers via unpatched vulnerability | ZDNet
- 88% of IT pros say world is in permanent state of cyberwar - TechRepublic
- How to Configure WinRM over HTTPS for Ansible [Tutorial]
- Chris's Wiki :: blog/python/Python2Afterlife
- 90 Days With The Pinebook Pro
- Day 3 - Backup-DbaDatabase Filenames and paths - 31 days of dbatools backup and restores - Stuart Moore
- Day 2 - Backup-DbaDatabase Basics - 31 days of dbatools backup and restores - Stuart Moore
- An introduction to dbatools backup and restores - Day 1 of 31 days of dbatools Backup and Restores - Stuart Moore
- 31 Days of Backup and Restore with dbatools - Stuart Moore
- How to check for weak passwords on your Linux systems with John the Ripper - TechRepublic
- How hospitals can be proactive to prevent ransomware attacks - TechRepublic
- The 13 best security certifications for newcomers and experienced professionals - TechRepublic
- Ransomware: Why SMBs are especially vulnerable to attacks - TechRepublic
- Sick of high WAF costs? So are we. - Signal Sciences
-
- COVID and Cooperation: The Latest Canary in the Coal Mine - Lawfare
- Limitations of the Active Directory Domain - JumpCloud
- For Cybersecurity Pros Tired of Adulting - Security Boulevard
- Using Median Time to Resolve Efficiently - Security Boulevard
- Tools for expanding NERC CIP across the Enterprise - Security Boulevard
- Book Review - Andrew Jackson and the Miracle of New Orleans by Brian Kilmeade and Don Yaege, - Security Boulevard
- Hospitals Forced to Fight Another Pandemic - Security Boulevard
- Coronavirus-themed attacks April 26 – May 02, 2020Security Affairs
- Unpatched Oracle WebLogic Servers Vulnerable to CVE-2020-2883 | CISA
- Bypassing Windows Defender Runtime Scanning
- How to Configure NestedESXi on a Single Host - Part 2 - VIRTUALIZATION IS LIFE!
- How to Configure NestedESXi on a Single Host - Part 1 - VIRTUALIZATION IS LIFE!
- VMware ESXi 3.5 – 7.0 Hypervisor Size Comparison | Virten.net
- Homelab considerations for vSphere 7
- Understanding LDAP Channel Binding and LDAP Signing in 2020
- Contrast Labs: Mapping Risk Profiles for Select OWASP Top 10 Vulnerabilities to Understand Their AppSec Risk - Security Boulevard
- Using Components with Known Vulnerabilities – Professionally Evil Insights
- Cybersecurity in Education (K12) - CIS Critical Controls
- DDoS in the Time of COVID-19: Attacks and Raids | Radware Blog
- Another Story of Bad 1970s Encryption - Security Boulevard
- Shifting Cybersecurity Mindsets – how MSSPs can become the enablers of their customers’ digital transformations - Blueliv
- Network Forensics Overview - Security Boulevard
- COBOL, Emergent - Security Boulevard
- From the Horse's Mouth: Cybersecurity Pros' Favorite InfoSec Quotes - Security Boulevard
- How to Build a Case for Effective Cybersecurity Budgets
- We Want You! Win the War on Ransomware Today
- AntiVirus/Malware Status
Verify That Anti-Virus Software Is Installed
Verify That Anti-virus Software Is Running Correctly
AppLocker Enforcement
AppLocker EXE Enforcement Mode: Enforcing Rules
Validate That the ‘AppIDSvcStatus’ Is Running
Validate That vssadmin.exe Is Denied by AppLocker
Validate That wscript.exe Is Denied by AppLocker
Backup Software Status
Verify That Backup Agent Software Is Installed
Verify That Backup Agent Software Is Running
Credential Hardening
Credential Protection
Admin Approval Mode for the Built-in Administrator Account: Enabled
Apply UAC Restrictions to Local Accounts on Network Logons: Enabled
Run All Administrators in Admin Approval Mode: Enabled
WDigest Authentication: Disabled
Password Complexity
Maximum Password Age Is Greater than 0 and Less than or Equal to 60
Minimum Password Age Is Greater than or Equal to 1 Day
Minimum Password Length Is Greater than or Equal to 14 Characters
Password Complexity: Enabled
Password History Memory Is Equal to 24
Password Reversible Encryption: Disabled
File Server Resource Manager (FSRM)
FSRM Configuration
FSRM File Group – Ransomware Extensions Configured
FSRM File Screen – Exists
FSRM File Screen Templates – Ransomware Blocking Exists
FSRM File Screen Templates – Screening Type Active
Windows Feature Installation
FS-FileServer Installed
FS-Resource-Manager Installed
Hidden File Extensions
User File Extensions Hidden is Disabled
Operating System Updates
Missing Patches: None Missing
Powershell Settings
PowerShell Script Execution Disabled
Remote Desktop Protocol
RemoteInteractiveLogonRight: Doesn’t Contain Administrators
Require User Authentication for Remote Connections by Using Network Level Authentication: Enabled
Set Time Limit For Active Remote Desktop Services Sessions: Enabled
Set Time Limit For Active but Idle Remote Desktop Services Sessions: Enabled
Set Time Limit For Disconnected Sessions: Enabled
Terminate Session When Time Limits Are Reached: Enabled
SMBv1 Configuration
Verify That the SMBv1 Protocol Is Disabled on SMB Client
Verify That the SMBv1 Protocol Is Disabled on the SMB Server
Windows Admin Shares
Default share: Not Shared
Remote Admin: Not Shared
Remote IPC: Not Shared
Server Service: Disabled
Windows Defender
Windows Firewall – Blacklisted Ports Blocked
Windows Firewall – Enable Firewall
Windows Firewall – Inbound: Blocked (Default)
Windows Firewall – Log Dropped Packets: Enabled
Windows Firewall – Log File Is Configured
Windows Firewall – Log Size Is Equals Or Greater Than 16M
Windows Firewall – Log Successful Connections: Enabled
Controlled Folder Access: Enabled
Windows Remote Management
WinRM Service: Disabled
- Active Directory Integration (ADI) Playbook - JumpCloud
- BSidesSF 2020 - Jay Jacobs's 'Visualizing Security' - Security Boulevard
- Report: Increased Spending on Compliance Not Helping Security - Security Boulevard
- How to Use Nancy to Improve Your Go Application Security - Security Boulevard
- Incident Response Requires a New AppSec Model - Security Boulevard
- Semperis introduces tools to improve security resiliency of Windows Active Directory - Semperis
- Veracode Blog | Application Security? But I have a WAF!
- Lateral Movement: WMI
- OSSEM - A Tool To Assess Data Quality
- NBlog - the NoticeBored blog: NBlog May 3 - COVID-19 is like infosec because ...
- Office Work: Will we ever go back? - Security Boulevard
- Through the Decades: Security Innovation in Response to Threats - Security Boulevard
- RangeForce Intros Hands-on YARA Training Modules with Free Promotion - Security Boulevard
- 3 Governance, Risk and Compliance Trends to Watch | Hyperproof
- 3 Governance, Risk and Compliance Trends to Watch
Compliance and risk management needs technology to navigate across state lines
The demand for IT security, privacy and compliance talent is rising
Continuous compliance is the new norm
- Understanding Windows Services - Security Boulevard
- Windows 10 Auditing Features - Security Boulevard
- The State of Ransomware in the US: Report and Statistics for Q1 2020 | Emsisoft | Security Blog
- Understanding Windows Registry - Security Boulevard
- Is COVID-19 Going to Accelerate the Future of Work? - Security Boulevard
- Replace Your Door Peephole With a DIY Thermal Camera | flyingpenguin
- $50 Open-Source Colorimeter is Remarkable in Comparison to Commercial Models - 3DPrint.com | The Voice of 3D Printing / Additive Manufacturing
- With data as central actor, Red Hat aims to unite enterprise needs in common platform - SiliconANGLE
- This theme of data being a central actor is at the core of Red Hat’s strategy. For the firm’s 37,000 Red Hat Enterprise Linux customers, data is about being able to pull meaningful insights out of information for business-critical decision making.
- Automate Security Testing with ZAP and GitHub Actions
- Migrating From Oracle Non-CDB 19c to Oracle 20c - Blog dbi services
- 3 Solutions to Secure Your Call Center from Ever Changing Threats
- Remote management for OpenWRT devices without opening inbound connections | die-welt.net
- Hetzner Dedicated Server Reverse DNS + Ansible · Iain R. Learmonth
- The Critical Importance of Credential Screening | Enzoic
- BSidesSF 2020 - Amol Sarwate's 'Real Time Vulnerability Alerting' - Security Boulevard
- How I recovered a lost email from my email client’s memory | Ctrl blog
- BSidesSF 2020 - So You’re the First Security Hire (Bryan Zimmer) - YouTube
- Fake Microsoft Teams notifications aim at stealing Office365 loginsSecurity Affairs
- Bill Sempf | The rule of threes
- You can survive:
3 minutes without air
3 hours in severe weather
3 days without water
3 weeks without food
3 months without hope
- Re-Imagine Endpoint Protection (Even if You Don’t Have EDR) - Security Boulevard
- The average cost per breach resulting from an attack on endpoints is $8.94 million (Ponemon Institute), which is 2.3 times higher than the $3.92 million average cost of a general data breach (IBM).
- Cybersecurity Maturity Model Certification Domains Explained - Security Boulevard
- Embracing cybersecurity for better vendor access risk management - SecureLink
- NCSC Launches New UK Cyber Aware Campaign | Avast - Security Boulevard
- BSidesSF 2020 - Adventures in Vendor Security and Continuous Review (Lokesh Pidawekar) - YouTube
- Qualys CEO Outlines Plan to Converge Cybersecurity and IT Management - Security Boulevard
- GDPR Fine Print: 720,000 Euro Penalty for Collecting Biometrics | flyingpenguin
- Cybersecurity Maturity Model Certification Starts with DFARS 800-171 - Security Boulevard
- My Favorite Career Development Book - PyBites
- "Be So Good They Can't Ignore You." - Steve Martin
Skill trumps passion!
"You will get all you want in life, if you help enough other people get what they want."
- Threat Horizon 2022: Cyber Attacks Businesses Need to Prepare for Now
- BSidesSF 2020 - If You’re Not Using SSH Certificates You’re Doing SSH Wrong (Mike Malone) - YouTube
- Microsoft Threat Protection leads in real-world detection in MITRE ATT&CK evaluation - Microsoft Security
- Sometimes Real Life Is the Best Case Study Around
- Hackers are targeting recently patched WebLogic security vulnerabilitySecurity Affairs
- Be It Gas Or Electric Cars, This Device Will Save Your Maintenance Cost
- Cyber Operations Against Medical Facilities During Peacetime - Lawfare
- Ex-Green Beret led failed attempt to oust Venezuela's Maduro - Japan Today
- Golden BB is military slang for a one-in-a-million shot that if it hits in the right place can bring down an aircraft.
- Failure Is Fine, Learning Is Mandatory | The Networking Nerd
- “Failure is a harsh teacher because it gives the test first and the lesson afterward.” — Vernon Law
- NTT Data Intellilink - Powering Mission Critical Workloads with Oracle Linux | Oracle Linux Blog
- Within NTT Data Intellilink, there is a business unit which focuses on providing customers with Oracle solutions, support, and implementation services using a wide range of Oracle products such as Oracle Database, Oracle Fusion Middleware, Oracle Linux, and Oracle Engineered Systems. These solutions are deployed on premise or in Oracle Cloud.
Previously, NTT Data Intellilink had been using Red Hat Enterprise Linux before switching to Oracle Linux with the Unbreakable Enterprise Kernel (UEK). This change resulted in multiple benefits which they speak about in this video. These include optimized workload performance, improved support across the entire stack, increased security, and lowering costs by 50% overall. NTT Data Intellilink also found that Oracle's flexible support contracts were easier to manage.
- DNS troubleshooting with record inspection | Enable Sysadmin
- Thanks Oracle! New Patches Pending Can Reduce Linux Boot Times Up To ~49% - Phoronix
- CISA Urges Federal Agencies to Use Approved DNS Service
- Erman Arslan's Oracle Blog: EBS -- Oracle Database 19C - "Curious and Frequently Asked Questions" - Supported Features & Products
- Book Review: Active Measures — Adam Caudill
- Fake Microsoft Teams Emails Phish for Credentials
- EPIC - Senators to Introduce COVID-19 Data Protection Bill
- EINSTEIN 3 Accelerated | CISA
- Wicker introduces 'COVID-19 Consumer Data Protection Act'
- Powerful Photo of Japan’s Religious Leaders Praying Together to End the Pandemic | Spoon & Tamago
- 'Corona poverty' spreading and getting worse - Japan Today
- What is Security Posture? | Balbix
- Improving Security Posture the Easy Way - Security Boulevard
- China Wants to Control All the Internet With 'New IP' Plan - Security Boulevard
- OSINT – Using Threat Intelligence to Secure Your Organisation
- Leadership Lessons: Adapting to an All Remote Workforce
- BSidesSF 2020 - Leveraging Osquery for DFIR at Scale (Sohini Mukherjee)
- IT Guide to Handling a Recession - JumpCloud
- GRC Software and the Impact of Integrated Risk Management
- Why the Postal Service Is Critical to National Security - Lawfare
- Digital Audio Extraction
- Building a Linux based headless automated ripping machine using abcde – v2 - Covid-19 update edition : DataHoarder
- Jukebox
- Advanced Encryption Standard (AES): What It Is and How It Works - Hashed Out by The SSL Store™
- Businesses Are Increasingly Considering Paying Ransomware Attackers
- Teddy's Citizenship In A Republic Speech, The 110th Anniversary - Security Boulevard
- 21 Signs That You're an INTP, One of the Rarest Personality Types
- Michael Burry Recommended Investing Books List — My Money Blog
- ODA 19.6 is available - Blog dbi services
- Fault Lines: The Cyber Solarium with Dr. Samantha Ravich - Lawfare
- Automated API Testing for the KIE Server - Red Hat Developer
- Red Hat Enterprise Linux 8.2 Released with Enhanced Security and Performance - 9to5Linux
- Episode 8: Healthcare security in a time of crisis | CSO Online
- Ethics and the Criminal Mind ~ Cyber Thoughts
- Healthcare Targeted By More Attacks But Less ...
- Analysis: Ransomware's Costly Impact - HealthcareInfoSecurity
- LabCorp Shareholder Sues Company Over Data Breaches
- List of data breaches and cyber attacks in April 2020: 216 million records breached - IT Governance UK Blog
- COVID-19 prompts DHS warning to review Office 365 security – Naked Security
- Experts warn of mass scans for Apache Tomcat Ghostcat flawSecurity Affairs
- Top 5 First Strategic Steps for a New CISO - Security Boulevard
- Understand the Business
Know Your Stakeholders
Know the History of Your Role and Associated Roles
Know Your Working and Total Budget
Know Your Commitments and Requirements
- Decipher Security Podcast with ForAllSecure CEO David Brumley - Security Boulevard
- What Are Healthcare's Biggest Cybersecurity Weak Spots?
- National Poetry Month – The Cybersecurity Edition
- Best WordPress Security Checklist [Ultimate Guide] - MalCare
- There are 3 vulnerabilities that are commonly found on WordPress websites. Those are:
Outdated plugins & themes
Weak credentials
Untrustworthy Admin users
- 8 Scary Statistics about the Password Reuse Problem
- A Google survey found that at least 65% of people reuse passwords across multiple, if not all, sites.
Another recent survey found that 91% of respondents claim to understand the risks of reusing passwords across multiple accounts, but 59% admitted to doing it anyway.
Microsoft recently announced that a staggering 44 million accounts were vulnerable to account takeover due to compromised or stolen passwords.
The average person reuses each password as many as 14 times.
72% of individuals reuse passwords in their personal life while nearly half (49%) of employees simply change or add a digit or character to their password when updating their company password every 90 days. These forced resets are an ineffective tactic.
And it is not just personal accounts. 73% of users duplicate their passwords in both their personal and work accounts.
Security.org found that 76% of millennials recycle their passwords.
This is why compromised passwords are responsible for 81% of hacking-related breaches, according to the Verizon Data Breach Investigations Report.
- 3 Tips for Security in the Remote Work Era - Security Boulevard
- Dashboards are the Future of Cybersecurity Reporting
- Where to Start With IT Consolidation?
- Web server security: Active defense
- How To Audit Windows 10 Application Logs
- 6 ways to address the OWASP top 10 vulnerabilities
- 1. Injection
2. Broken authentication
3. Sensitive data exposure
4. XML external entities (XXE)
5. Broken access control
6. Security misconfiguration
- How Can Cyber Essentials Certification Help Your Business?
- Compliance in Canada Today | PCI Pal
- How to choose the right strategy for ISO 27001 risk management - Vigilant Software - Compliance Software Blog
- Introducing a Technical Guide to Remote Security Operations - Siemplify
- The Science of Compliance: Early Code to Secure Your Node
- Top Cyber Security Risks in Healthcare
- CutiePi designs an open source, Raspberry Pi-powered Linux tablet (crowdfunding coming soon)
- Raspberry Pi HQ Camera Features a 12MP Sensor, Supports Interchangeable Lenses
- C- and CS-mount form
- Should I Roll Over My 401k into an IRA? How to Decide — My Money Blog
- USB 4 will support full-throttle DisplayPort 2.0 speeds | Engadget
- Open source live streaming with Open Broadcaster Software | Opensource.com
- SysmonSearch v2.0 Released - JPCERT/CC Eyes | JPCERT Coordination Center official Blog
- Elemental - An MITRE ATTACK Threat Library
- Security of Health Information - Schneier on Security
- Employees Lose 2 Weeks Per Year to IT Downtime | APMdigest - Application Performance Management
- Lack of SMR disclosures in the HDD business | TinkerTry IT @ Home
- How to Pick an Antenna for Wi-Fi Hacking « Null Byte :: WonderHowTo
- How to Hack Wi-Fi: Capturing WPA Passwords by Targeting Users with a Fluxion Attack « Null Byte :: WonderHowTo
- Exostar and Their Role in Your CMMC Certification | Pivot Point Security
- Dr. Joel Kahn’s Top 3 Strategies to Help InfoSec Pros De-Stress | Pivot Point Security
- SOC 2 vs. ISO 27001 - Dollars and Sense | Pivot Point Security
- The DoD’s New CMMC: Think of It as Your Cyber Driver’s License | Pivot Point Security
- SANS Cyber Security Certifications & Research
- CIS CSC #11 – Secure Configuration for Network Devices, such as Firewalls, Routers, and Switches – The Personal Blog of Sean Goodwin
- 5 Ways to Improve Business Cyber-Resilience | Webroot
- Attack matrix for Kubernetes
- Cybersecurity During COVID-19 - Schneier on Security
- LA Covers Up Bad Cybersecurity - Schneier on Security
- SANS Security Awareness Work-from-Home Deployment Kit | SANS Security Awareness
- Shade Ransomware Operation Apparently Shuts Down
- Data Breach Settlement Calls for Enhanced Security Measures
- RetroPie 4.6 Officially Launched with Support for Raspberry Pi 4
- How secure is Java compared to other languages? | JavaWorld
- Virginia Tech's "Popcorn Linux" For Distributed Thread Execution Seeking Feedback, Possible Upstreaming - Phoronix
- "New" Raspberry Pi 3B v1.2/v1.3 May be Incompatible with Cases with Embedded Heatsink
- People Are Switching Homes Less Often, Housing Inventory At Historic Lows — My Money Blog
- Using Ansible to verify configurations | Enable Sysadmin
- Petter Reinholdtsen: GnuCOBOL, a free platform to learn and use COBOL - nice free software
- SQL Server Performance Tuning Benefits | ESX Virtualization
- VMware Snapshots: Upgrading to ESXi 7.0
- VMware Snapshots: vSphere 7.0 - New Features (VM NVMe Defaults and Shared VMDK disks)
- IT Teams Resolving Incidents 63% Faster Than Before Pandemic | APMdigest - Application Performance Management
- Over a Decade as a Remote IT Professional: Here's My Advice | APMdigest - Application Performance Management
- Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk - Microsoft Security
- ROADtools - The Azure AD Exploration Framework
- ROADtools
- A Global Disaster Brings IT to the Forefront | APMdigest - Application Performance Management
- Monitoring a SunPower Solar System – Scott Gruby's Blog
- Terraform: Infrastructure as code. » Cyberfella
- Chris's Wiki :: blog/python/DjangoBasicAuthWorry
- SOSS X | Veracode
- Spafford Elected to American Academy of Arts and Science - CERIAS - Purdue University
- How to minimize the risks of split tunnel VPNs | CSO Online
- Multifactor Authentication is Imperative | Pindrop
- Patching ODA from 18.3 to 18.8 - Blog dbi services
- Top STIG – Part 3 (Software Support) | Late Night Oracle Blog
- Outside the Cubicle | DeWALT 20v Max Cordless Tool Platform – CubicleNate's Techpad
- Being in on the world’s biggest secret: My life as a COBOL programmer – IBM Developer
- World War COVID-19: Who Bleeds, Who Pays? - Lawfare
- The World Responds to the Economic Aftermath of the Pandemic – News
- Microsoft Patches Dangerous Teams Vulnerability
- Ammo Can Battery; 50 Ah LiFePO4 Clad In Army Green | Hackaday
- Reverse Engineering A Ceiling Fan Remote | Hackaday
- Ransomware Payments Up 33% As Maze and Sodinokibi Proliferate in Q1 2020
- Linked: 5 Lessons from Fairfax County Public Schools’ Cybersecurity Failures
- “The Washington Post further reported that FCPS’s issues, in part, resulted from FCPS’s failure to apply software updates for nearly two years and refusal to migrate to more advanced and privacy-friendly software.”
- Linked: Seven 'Public Speaking' Tips for Videoconferencing During the COVID-19 Crisis
- “Gesture as you normally do. Your hands help you think and speak more clearly. Make sure your screen/camera is far enough away that your gestures can be seen. It is OK to be passionate and emphatic!”
- Colorado Hospital Hit by Ransomware as COVID-19 Continues
- Perhaps August Dvorak Is More Your Type | Hackaday
- Responding to crisis: IBM's Jim Whitehurst draws from open-source lessons to address a rapidly changing world - SiliconANGLE
- Stockholm Expected To Reach Herd Immunity In May, Swedish Ambassador Says : NPR
- The Fremen principle | Seth's Blog
- Find someone who has already optimized for the reality you’re about to enter and learn from them.
- Shared objective reality | Seth's Blog
- VMware Snapshots: Upgrading to vCenter 7.0
- Multiple antivirus apps are vulnerable to common security flaws | Engadget
- The Oracle database museum: running old versions of the Oracle database | Frits Hoogland Weblog
- Real-time file monitoring on Windows with osquery | Trail of Bits Blog
- CIS CSC #10 – Data Recovery Capabilities – The Personal Blog of Sean Goodwin
- CIS CSC #9 – Limitation and Control of Network Ports, Protocols and Services – The Personal Blog of Sean Goodwin
- CIS CSC #8 – Malware Defenses – The Personal Blog of Sean Goodwin
- CIS CSC #7 – Email and Web Browser Protections – The Personal Blog of Sean Goodwin
- CIS CSC #6 – Maintenance, Monitoring and Analysis of Audit Logs – The Personal Blog of Sean Goodwin
- STS Episode #8: CIS Controls – Basic – The Personal Blog of Sean Goodwin
- CIS CSC #5 – Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers – The Personal Blog of Sean Goodwin
- CIS CSC #4 – Controlled Use of Administrative Privileges – The Personal Blog of Sean Goodwin
- CIS CSC #3 – Continuous Vulnerability Management – The Personal Blog of Sean Goodwin
- CIS CSC #2 – Inventory and Control of Software Assets – The Personal Blog of Sean Goodwin
- CIS CSC #1 – Inventory and Control of Hardware Assets – The Personal Blog of Sean Goodwin
- The unlikely plan to save COVID-19 patients with planes | Engadget
- 9 Security Tips for Working Remotely | CQURE Academy
- Hardware Debugging for Reverse Engineers Part 2: JTAG, SSDs and Firmware Extraction
- Android: Secret network of 27 app developers | Born's Tech and Windows World
- Lost or Stolen Device? Here’s What to do Next | Webroot
- Microsoft patches Teams vulnerability that allowed for account takeover just by viewing a GIF
- How to Build A Nintendo Switch to Starve Online Price Gougers - diy post - Imgur
- Trump Suggests We Choose Profits Over Saving Lives From Coronavirus - VICE
- NYC Mesh
- DIY Internet Provider Sees Demand Spike Amid Coronavirus Pandemic - VICE
- COBOL Isn’t The Issue: A Misinterpreted Crisis | Hackaday
- A Brief History of a Rootable Docker Image - Akamai Security Intelligence and Threat Research Blog
- Resources that aren't properly secured are subject to a myriad of attacks from adversaries with different intentions. In this case, a simple system with SSHd enabled was used for four different criminal campaigns in the span of 24-hours. When connecting systems to the Internet, you must follow basic security practices to ensure your system isn't hacked or used to attack other Internet hosts.
- GitHub - vernetto/sbwebsecurity: Demonstrate Spring Boot Web Security
- Getting Started | Securing a Web Application
- Spring Security Basics - YouTube
- Debugging For Sed — No Kidding | Hackaday
- World is at permanent cyber war say security professionals
- How to legally download any version of Windows 10, Windows 7, Windows 8.1 and Microsoft Office
- How to activate all of Windows 10's secret God Modes
- To activate God Mode, right-click the desktop and select New > Folder. Highlight this folder, press F2 and name it:
GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
Hit enter. Open that folder and you’ll have instant access to a wide range of system settings.
If one God Mode isn’t enough for you, there are multiple other options available. Follow the same process as above, but use one of the following alternative strings:
Default Programs.{17cd9488-1228-4b2f-88ce-4298e93e0966}
My Computer.{20D04FE0-3AEA-1069-A2D8-08002B30309D}
Network.{208D2C60-3AEA-1069-A2D7-08002B30309D}
All Networks For Current Connection.{1FA9085F-25A2-489B-85D4-86326EEDCD87}
Programs and Features.{15eae92e-f17a-4431-9f28-805e482dafd4}
Power Settings.{025A5937-A6BE-4686-A844-36FE4BEC8B6D}
Printers.{2227A280-3AEA-1069-A2DE-08002B30309D}
Icons And Notifications.{05d7b0f4-2121-4eff-bf6b-ed3f69b894d9}
Firewall and Security.{4026492F-2F69-46B8-B9BF-5654FC07E423}
All NET Frameworks and COM Libraries.{1D2680C9-0E2A-469d-B787-065558BC7D43}
Application Connections.{241D7C96-F8BF-4F85-B01F-E2B043341A4B}
Administrative Tools.{D20EA4E1-3957-11d2-A40B-0C5020524153}
Credentials and Logins.{1206F5F1-0569-412C-8FEC-3204630DFB70}
Speech Recognition.{58E3C745-D971-4081-9034-86E34B30836A}
That's all there is to it!
- Building a pulse oximeter – Dangerous Prototypes
- Kerry D. Wong » Blog Archive » Making an OBD-II Solar Trickle Charger
- DSHR's Blog: Enterprise SSD Reliability
- DSHR's Blog: Archival Cloud Storage Pricing
- U.S. GAO - Cybersecurity: DOD Needs to Take Decisive Actions to Improve Cyber Hygiene
- 500% if_bridge Performance Improvement | FreeBSD Foundation
- Not just the end of IT, the end of IT contractors
- 2020 brings the death of IT
- The Dark Web turns 20 this month
- Ubuntu Core: a cybersecurity analysis | Ubuntu
- Microsoft Patch Tuesday April 2020: my classification script, confusing RCE in Adobe Type Manager and updates for older vulnerabilities | Alexander V. Leonov
- Health Prognosis on the Security of IoMT Devices? ...
- Domain Controller Backdoor: Skeleton Key
- Kerberos Brute Force Attack
- The Viral ‘Study’ About Runners Spreading Coronavirus Is Not Actually a Study - VICE
- For CISOs Trying to Reduce Risk, New Research Reveals the Value of Focusing on Assets | Kenna Security
- Superguide: CyberPower PFCLCD UPS Mini Towers protect your home's computers and entertainment | TinkerTry IT @ Home
- How to configure Ubiquiti mPower PRO outlet names without an mFi controller | TinkerTry IT @ Home
- AWS Certification and Training – Thin Light
- Proxmox vs ESXi | b3n.org
- RemoveandReplace.com | DIY Projects / Tips / Tricks / Ideas / Repair
- Budgetable - Make Every Dollar Matter
- 10 Windows Task Manager Tricks You Probably Didn't Know
- Troy Hunt: Handling Huge Traffic Spikes with Azure Functions and Cloudflare
- HOWTO: Encrypt traffic between AD FS Servers, servers running Azure AD Connect and SQL Servers hosting their databases - The things that are better left unspoken
- TechMinds: Demonstrating the QT-DAB Digital Audio Broadcast Decoder
- PiSDR Ready to use SDR Raspbian Image Updated to V4.0
- SignalsEverywhere: How to set up an RTL-SDR SpyServer on Windows
- Bill Gates says ‘worst nightmare has come true’ with pandemic - BelfastTelegraph.co.uk
- “In the movies it’s quite different. There’s a group of handsome epidemiologists ready to go, they move in, they save the day, but that’s just pure Hollywood.”
- Intel CEO: Bad Companies Are Destroyed by Crises; Great Companies Are Improved by Them - Slashdot
- "Bad companies are destroyed by crises; good companies survive them; great companies are improved by them." - AndyGrove
- COVID-19 The War Waged by Information Technology Professionals
- Guru: A Simple, Effective Way To Compare Data Using SQL - IT Jungle
- Machine Learning 101: Supervised, Unsupervised, Reinforcement – Marksei
- Machine Learning: Logistic Regression in Python – Marksei
- How to set up a Data Science environment on Windows using Anaconda – Marksei
- Developing on Kubernetes: my workflow for taming K8S on Windows – Marksei
- How the Raspberry Pi Foundation is responding to the novel coronavirus (part 2) - Raspberry Pi
- How the Raspberry Pi Foundation is responding to the novel coronavirus - Raspberry Pi
- FluSense takes on COVID-19 with Raspberry Pi - Raspberry Pi
- University of Toronto supports COVID-19 patient monitoring with Raspberry Pi - Raspberry Pi
- Five years of Raspberry Pi clusters - Raspberry Pi
- State Unemployment Claims Stalled By Eisenhower-Era Computer Code COBOL : NPR
- A COVID–19 False Dilemma – Michael O. Church
- Capitalism–19 Vs. Humanity–20 – Michael O. Church
- Yes, Under Corporate Capitalism, 8 Million Working Americans Are Likely To Become Unemployably* Disabled–– Possibly, for Life. Check the Math; Check the Assumptions. – Michael O. Church
- Techxit (Part 2 of 2) – Michael O. Church
- Techxit (Part 1 of 2) – Michael O. Church
- Techxit
- U.S. Hospitals Hit By Financial 'Triple Whammy' During Coronavirus Pandemic : Coronavirus Live Updates : NPR
- We're being faced with what I would call a triple whammy. We have the increased expenses that have been incurred in terms of preparing for the surge and caring for the COVID patients. And then we have the decreased revenues associated with having shut down regular operations in terms of scheduled procedures. You combine that with the increased number of uninsured as a result of the economic situation, and you've got a triple whammy there.
- What You Need to Know About the Cyberspace Solarium Commission Report Recommendations - Blog | Tenable®
- The need to harmonize standards for vulnerability disclosure and patch management
Driving accountability and transparency
A carrot or a stick?
Better data, better outcomes
- Stop The Zoom Trolls and Prevent Zoombombing
- Microsoft works with healthcare organizations to protect from popular ransomware during COVID-19 crisis: Here’s what to do - Microsoft Security
- Welcoming and retaining diversity in cybersecurity
- Forrester names Microsoft a Leader in 2020 Enterprise Detection and Response Wave
- Corporate Reconnaissance – We are OSINTCurio.us
- site:linkedin.com “system admin”
- How to Manage Your Nessus Software Updates
- Oracle April 2020 Critical Patch Update Includes Record-Breaking 397 Security Updates
- Type Manager Library Zero-Day Flaws (CVE-2020-0938, CVE-2020-1020)
- Backdoor: NSA and ASD warn of vulnerabilities | Born's Tech and Windows World
- Use Visual Cues To Enhance Learning
- Azure Governance – Part 1 Management Groups | Tallan Blog
- Some thoughts on Mechanical Keyboards · The Odd Bit
- You Need Code Coverage
- Four Basic Types of Warehouses | People Centre
- Booting an anycast DNS network | Gandi News
- Booting Linux Over HTTP
- Dell FX160
- Building My Own 50Ah LiFePO4 Lithium Battery Pack
- Building a Raspberry Pi Stratum 1 NTP Server
- PROFINET Technical Overview (P53) | The Automation Blog
- Book Freak #39: How To Make a Checklist that Works | Cool Tools
- Ultimate Guide to Baltic Birch Plywood: Why It’s Better, When to Use It – Woodworkers Source Blog
- The Maker’s Muse | Cool Tools
- Working with Metal-Infused Filaments | Cool Tools
- Guarding against supply chain attacks—Part 2: Hardware risks
- Business Technology is Critical to Driving Business Transformation in Organizations | APMdigest - Application Performance Management
- How IT Should Prepare for COVID-19 … or Any Disaster | APMdigest - Application Performance Management
- Protect Your People
Protect Your Business
- 6 Indicators of a Successful Digital Transformation | APMdigest - Application Performance Management
- 1. DEDICATED LEADERSHIP
2. ALL-IN APPROACH
3. DEFINED DIGITAL ROADMAP
4. ALIGNMENT BETWEEN INFRASTRUCTURE AND APPS
5. PLATFORM MINDSET
6. COMMITMENT TO INTELLIGENT OPERATIONS
- Zero Day Initiative — CVE-2020-2555: RCE Through a Deserialization Bug in Oracle’s WebLogic Server
- Windows Incident Response: Registry Analysis, pt II
- Windows Incident Response: Registry Analysis
- Shameless Coronavirus Special Promotion – Risk Edition! | Thom Langford
- Vulnerability Chains: Learning from Pedro Riberio’s IBM Data Risk Manager Zero-Day Disclosure
- Cloud Jewels: Estimating kWh in the Cloud - Code as Craft
- Guarding against supply chain attacks—Part 3: How software becomes compromised
- Threat hunting: Part 1—Why your SOC needs a proactive hunting team
- Cyber Attacks and Disruptive Events On the Rise | APMdigest - Application Performance Management
- Lazydocker - The Lazier Way To Manage Everything Docker
- BadBlood - Fills A Microsoft Active Directory Domain With A Structure And Thousands Of Objects
- Business Continuity Plan: before and after COVID-19 - Security Art Work
- dbaSecurityScan - A new PS module for SQL Server security - Stuart Moore
- Wireguard on a Raspberry Pi – Stuff I'm Up To
- iptables – Part 1 – Stuff I'm Up To
- PXE Booting from a Container – Stuff I'm Up To
- Wireguard Config Builder – Stuff I'm Up To
- Veeam now provides a stand-alone VBK Extract Utility - The things that are better left unspoken
- SaveTheQueen Ransomware leverages Active Directory’s SYSVOL to propagate - The things that are better left unspoken
- AZ-304 Study Guide: Microsoft Azure Architect Design - Thomas Maurer
- AZ-900 Study Guide: Microsoft Azure Fundamentals 2020 - Thomas Maurer
- AZ-303 Study Guide: Azure Architect Technologies - Thomas Maurer
- Keep control of your Azure environment with Azure Policy - Thomas Maurer
- AZ-204 Study Guide: Developing Solutions for Microsoft Azure - Thomas Maurer
- AZ-104 Study Guide: Azure Administrator - Thomas Maurer
- Rotor Lock Fan Hack - Ground the Yellow Wire
- Free HPE iLO Advanced License - The Tech Journal
- Troubleshooting VMware ESXi host unresponsive to vCenter - The Tech Journal
- How to: Raspberry Pi 4 as an iSCSI SAN (iSCSI Target) - The Tech Journal
- Cybersecurity Awareness Slide Deck v.1.1 & Video - Linux Included
- Cybersecurity Awareness - Open Source Presentation & Slides - Linux Included
- Onion-Zeek-RITA - Linux Included
- pfSense VLANs on Proxmox - Linux Included
- GDPR and COVID-19: Privacy Regulator Promises 'Flexibility'
- Zero Trust framework to enable remote work
- Awspx - A Graph-Based Tool For Visualizing Effective Access And Resource Relationships In AWS Environments
- Awspx
- Pulsar - Network Footprint Scanner Platform - Discover Domains And Run Your Custom Checks Periodically
- One-Lin3r v2.1 - Gives You One-Liners That Aids In Penetration Testing Operations, Privilege Escalation And More
- One-Lin3r
- Project iKy v2.4.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
- Envizon v3.0 - Network Visualization And Vulnerability Management/Reporting
- FinalRecon v1.0.2 - OSINT Tool For All-In-One Web Reconnaissance
- ScoringEngine - Scoring Engine For Red/White/Blue Team Competitions
- General Electric suffers data breach after service provider hack | TechRadar
- Study: Data Security Is the New Table Stakes for a Positive Brand Experience
- List of data breaches and cyber attacks in February 2020 – 623 million records breached - IT Governance UK Blog
- Sherloq - An Open-Source Digital Image Forensic Toolset
- Jackdaw - Tool To Collect All Information In Your Domain And Show You Nice Graphs
- How Healthcare Providers Can Prevent Security Vulnerabilities
- Intel starts using facial recognition technology to ID workers, visitors - oregonlive.com
- Domain Persistence: Golden Ticket Attack
- Senate Majority Protects New Yorkers’ Private Data | NY State Senate
- Stop Hacks and Improve Electronic Data Security Act (SHIELD Act)
- Checklist: Expedited Vendor Privacy and Security Assessment
- A Deep Drive on Proactive Threat Hunting
- Joel Reidenberg, 1961–2020
- Joel Reidenberg
- Patch Tuesday: Microsoft Releases 115 Security Updates, The Biggest Batch Ever Launched
- Comprehensive Guide to tcpdump (Part 3)
- Comprehensive Guide to tcpdump (Part 2)
- Comprehensive Guide to tcpdump (Part 1)
- Thermal Imaging Cameras are Still Dangerous Dragnet Surveillance Cameras | Electronic Frontier Foundation
- Maze Ransomware – What You Need to Know
- RDP Session Hijacking with tscon
- Credential Dumping: Local Security Authority (LSA|LSASS.EXE)
- Credential Dumping: NTDS.dit
- Credential Dumping: Wireless
- Medical Devices on the IoT Put Lives at Risk
- Introducing the VMware vExpert Security Program | Security & Compliance Blog | VMware
- VMware Snapshots: vSphere 7 ESXi Upgrade
- VMware Snapshots: vCenter 7 Lab Upgrade
- Quick look at 5 VMware vSphere 7.0 features & tips to organize and personalize your vSphere Client | TinkerTry IT @ Home
- My vSphere 7.0 Upgrade story – step by step! – Notes from MWhite
- How to upgrade from VMware vSphere 6.7 to vSphere 7.0, vCenter/VCSA first, then ESXi host(s) next | TinkerTry IT @ Home
- The Coronavirus & Cybersecurity: 3 Areas of ...
- What is Splunk? - JB Computerization
- Storage vMotion of an Oracle RAC Cluster with minimal downtime - JB Computerization
- 5 Ways to check how much RAM is installed and used on CentOS 8
- Using /proc/meminfo
Using free command
Using top command
Using vmstat command
Using dmidecode command
- 5 Ways to Prove Security's Worth in the Age of COVID-19
- 2020 Cybersecurity Outlook Report: Key Findings (Part 2 of 2) | Security Blog | VMware
- Prosecutors: Insider ‘Sabotaged’ Medical Equipment Shipments
- InfoSec Conferences Canceled? We've Hours Of Recordings! | /dev/random
- How to fix or change the VCSA root password that has expired 6.5 or above - JB Computerization
- Missing SYSVOL & NETLOGON after domain controller promotion | Mohammed Wasay
- 27 Tips for Working From Home - krypted
- Sales Strategy Presentation Template -OliverMarshall.net
- Expose your private Grafana dashboards with TLS
- vSphere 6 End of Support – Elastic Sky
- Using VMmark to performance test systems | Electric Monk
- Splunk 101 - JB Computerization
- How to clear or delete old vSAN partitions on decommissioned hosts — ThinkCharles.net
- Running Systems » Blog Archive » Hot-resize disks on Linux
- Build and Capture Windows 10 2004 (20H1) Reference Image – Stick To The Script
- Deploy Windows 10 2004 (20H1) Reference Image – Stick To The Script
- Log Manager Utility – A necessary update – Stick To The Script
- WSUS Maintenance Utility – Late March Update – Stick To The Script
- PowerShell 7 - What’s new ? - LazyWinAdmin
- How and why you should lint your Ansible playbooks | Logan Marchione
- Linting Ansible playbooks using Drone | Logan Marchione
- Recession is nigh - SysAdmin1138 Expounds
- Software Liability Is Just a Starting Point - Lawfare
- The speediest patch in the world matters not a whit if it is not applied.
- 31 Best Free Linux Backup Software (Updated 2020) - LinuxLinks
- How to Create Backups with Fsarchiver on Linux - LinuxConfig.org
- Conceptual Designs | vLore Blog
- VMware Snapshots: vSphere 7 Coredump
- How to migrate VMware vCenter Server 6.5 Windows to vCSA 7.0 | ESX Virtualization
- VMware Snapshots: vSphere 7 Ate my HBA
- Terence Luk: Deploying Azure AD Password Protection for on-premise Active Directory
- Tips For a Lifelong Relationship | Penniless Parenting
- Security 101: X-Forwarded-For vs. Forwarded vs PROXY · System Overlord
- Security 101: Virtual Private Networks (VPNs) · System Overlord
- The Home Lab Gets a Home - Wahl Network
- PowerShell (Tab) Titles - tommymaynard.com
- Under The Stairs: PowerShell 7 Chain and Ternary Operators
- Under The Stairs: Deploying and Managing Active Directory with PowerShell 7
- Under The Stairs: Remoting With PowerShell 7
- How do I find out what version of Linux I am running? | ServerNinjas
- lsb_release -d
- Amazon Plumbing Nitro Enclaves Support For Linux To Isolate Highly Sensitive Data - Phoronix
- Linux housekeeping: Virtual machine storage sprawl | Enable Sysadmin
- Debian Dropping A Number Of Old Linux Drivers Is Angering Vintage Hardware Users - Phoronix
- Security Not a Priority for SAP Projects, Users Report
- Nearly 70% of SAP users surveyed believe organizations lacked focus on IT security during previous SAP implementations.
- Security Ratings Are a Dangerous Fantasy
- What the Battle of Britain Can Teach Us About ...
- Gotta Patch 'Em All? Not Necessarily, Experts Say
- Two in three organizations successfully remediate high-risk vulnerabilities, with 51% reducing the number of high-risk flaws in their environments and 17% maintaining the same level. Those paying down vulnerability debt are doing so with improved focus and execution, Baker said, pointing to four metrics firms can use to measure better or worse remediation performance:
Coverage: How comprehensive the remediation is; the percentage of exploited or high-risk flaws addressed.
Efficiency: How precise the remediation is; how many patched flaws are high-risk?
Velocity: The speed and progress of the remediation.
Capacity: Number of flaws that can be patched in a given timeframe and net gain/loss.
- Information Security Governance: 5 Tips for New CISOs [Cheat Sheet] - Delta Risk
- 1. Choose a Framework
2. Determine the State of Your Security Implementation
3. Establish Information Security Program Governance
4. Develop Training Content for Specific Audiences
5. Gain Immediate Buy-in from the C-Suite
- 'Zero Trust' Turns 10 - HealthcareInfoSecurity
- John Kindervag
- Health Data Breach Tally Spikes in Recent Weeks
- Tom Walsh
- Watchdog Finds Security Weaknesses in NIH's Records System
- The report focused on three areas that need improvement:
-NIH located its alternate IT processing site for the EHR system in the same geographic location as the primary site.
-NIH failed to upgrade all servers supporting the EHR information system in a timely manner, delaying software upgrades until system upgrades had been completed.
-NIH did not effectively implemented account management processes to ensure that terminated employees users and inactive accounts were promptly deactivated.
- Benchmarking the State of the CISO in 2020
- RDP Honeypots - Koen Van Impe - vanimpe.eu
- 4 Simple Tips on How to Sell Your House Faster
- Security 101: Learning From Home · System Overlord
- Securing What's Now and What's Next
- ICS Security Conference 2020 Report -Part2- - JPCERT/CC Eyes | JPCERT Coordination Center official Blog
- ICS Security Conference 2020 Report -Part1- - JPCERT/CC Eyes | JPCERT Coordination Center official Blog
- Why Doesn't Software Get Sold With a List of Ingredients?
- Siemens Shares Incident Response Playbook for ...
- EternalBlue Longevity Underscores Patching Problem
- Security Lessons We've Learned (So Far) from COVID-19
- Remote Workforce Jumps 15% in Two Weeks
- Using this method, they learned 27% of users worked remotely on an average weekday prior to COVID-19. The numbers have gradually increased for the first eight weeks of 2020 and spiked over the past two weeks as more companies enforced work-from-home policies. For the week ending on March 6, the average percentage of remote workers reached 30% and peaked at 32% on Friday. For the week ending March 13, the average grew to 35% and with a Friday peak of 42%.
For comparison, 42% is only slightly less than the average number of people who work remotely on weekends (43%), and it's higher than any holiday in the past six months. Netskope reports the total number of remote employees is the highest it has ever observed.
- Many Ransomware Attacks Can be Stopped Before They ...
- What Cybersecurity Pros Really Think About ...
- What Should I Do About Vulnerabilities Without Fixes?
- Now you face a few difficult options when presented with a vulnerability for which no fix exists or when a fix cannot be used:
Stop the pipeline and potentially delay rollout of the application until a fix is available (or even bring down a deployed application).
Task your own development team with creating a fix (assuming you have the code and the expertise) or finding a workaround.
Move ahead accepting the risk, clearing it with appropriate compliance people, which certainly is not ideal.
Another option is to run the application in a cloud-native environment and closely control its runtime behavior. Since containers and functions are deterministic, it is possible to identify and stop execution of code that is not aligned with the workload’s intended purpose. By blocking access to specific users, commands, files, ports, or system calls, security can defang a vulnerability so that any attempt to exploit it is stopped or at least clearly identified. This ability bridges the gap, allowing application rollout to proceed, until a permanent code fix to become available.
- 7 Cloud Attack Techniques You Should Worry About
- Credential Exposure Leading to Account Hijack
Misconfiguration Mishaps
Major Cloud Services Are Hot Targets
Cryptomining
Server-Side Request Forgery
Gaps in the Cloud Supply Chain
- vysolator: vyos virtual network isolation – DiabloHorn
- https://media.defense.gov/2020/Apr/22/2002285959/-1/-1/0/DETECT%20AND%20PREVENT%20WEB%20SHELL%20MALWARE.PDF
- Keys to Hiring Cybersecurity Pros When ...
- 3 Tips to Stay Secure When You Lose an Employee
- How Container Technologies Are Transforming the IT Landscape - Container Journal
- Cognizant Hit by 'Maze' Ransomware Attack | Technology News | US News
- Cognizant ransomware attack: Cognizant hit by 'Maze' ransomware attack - The Economic Times
- Cognizant hit by 'Maze' ransomware attack - The Financial Express
- Setting Less Financial Goals for a Greater Chance of Success – BeingFrugal.net
- How To Backup and Restore Data in PostgreSQL Database | Django Central
- 6 open source teaching tools for virtual classrooms | Opensource.com
- Debian GNU/Linux Removing Old Drivers: End Of Vintage Hardware?
- AnnualCreditReport.com: Free Weekly Credit Reports Through April 2021 — My Money Blog
- The barista-approved gear you need to recreate the coffee shop at home | Engadget
- The Cyberlaw Podcast: Russia’s Online Disinformation Has a 100-year History - Lawfare
- What’s new for NFS in Unbreakable Enterprise Kernel Release 6? | Oracle Linux Blog
- How COBOL brings value to the modern enterprise pipeline – IBM Developer
- Five best practices for administering remote systems | Enable Sysadmin
- Tip 1: Lockdown remote access protocols
Tip 2: Limit ingress points for remote management traffic
Tip 3: Know your network fundamentals
Tip 4: Have access to a remote console
Tip 5: Use SSH agent forwarding to your advantage
- How to Install and Use Osquery in Ubuntu – Linux Hint
- Turn Your Linux PC Into Bluetooth Speakers For Your Phone - OSTechNix
- Senators Urge Cyber Leaders to Prevent Attacks on the Healthcare Sector - Lawfare
- Untangling Third-Party Risk (and Fourth, and Fifth...)
- New York's SHIELD Act could change companies’ security practices nationwide | CSO Online
- SANS Cyber Security Certifications & Research
- HHS in Targeted Cyber Attack ~ Cyber Thoughts
- Business Continuity and Securing a Remote Workforce during a Pandemic Crisis ~ Cyber Thoughts
- COVID-19/Coronavirus and Computer Attacks
- A Vaccine Won't Return Us to Normal | Daniel Miessler
- COVID Will Accelerate Trends That Were Already Coming | Daniel Miessler
- The Adoption of Automation and AI: Companies use more non-human options to handle the routine parts of their business (see above)
Basic Income: More people are out of work and they need income for basic survival, or some freedom to invest in growing themselves into a better career
Pervasive Surveillance, in the Name of Health Safety: Goverments and corporations have been trying for decades to use terrorism as the reason we have to monitor the public as much as possible, but the arguments have become thin with the public due to few actual wins. That all changes now because people will happily support surveillance if they believe it will stop the next pandemic
The Rise of Audience-supported Influencers: More people develop followings doing their particular thing, and each of those people pays them a small amount per month or year to get their content
The Rise of Esports: Esports gets even more popular—and faster—because of the downtime for traditional sports. And more people can participate and observe in more types of competitions outside the constraints of reality
Millions of People Choosing Game Reality Instead of Legacy Reality: Given the natural tendency for income and wealth disparity in the real world (Piketty), combined with the massive jumps in gaming and human-computer interfaces in coming years, a lot of people are going to decide that they’d rather live in a fantasy world than the real one. Their Universal Income will be used to pay rent, food, and their gaming subscriptions, and pretty much everything that matters to them will happen in-game.
- It's Time for Global Health SOCs Powered by Wearables | Daniel Miessler
- The Difference Between Epidemic, Endemic, Pandemic, and Exponential Growth | Daniel Miessler
- 5 Things Ransomware Taught Me About Responding in a ...
- 1. To Pay, or Not to Pay?
2. Incident Response is Key
3. Getting Back to Basics
4. It's Not Just About Technology
5. Look Forward, Not Back
- Cybercrime May Be the World's Third-Largest Economy ...
- Coronavirus: What companies are ready for our new reality? | InsiderPro
- What kinds of companies may not survive coronavirus crisis
The companies most negatively affected are ones with a fixed business model of workers only in corporate facilities. Examples of this include the following:
Fixed call centers with banks of workers in front of terminals and on the phone
Retail companies that rely on customers walking in the door to buy goods
Service organizations that require on-site interactions
Logistics/transportation companies that have not yet gone mobile
Highly regulated (e.g., finance, healthcare) that chose to keep all data and access in a centralized location with no access from outside the corporate location.
Best-equipped to survive COVID-19
There is also a class of companies that are already equipped to work in a fully distributed employee model and in fact have been doing so already. Examples of this include the following:
Distributed call centers (e.g., insurance, finance, travel) that essentially have remote workers tied into corporate call center management systems over network connections, some of which may be from a home office
Companies already heavily cloud-based, and therefore can allow connectivity almost anywhere there is a terminal and high speed connection
Collaboration tool adopters (e.g., Microsoft Teams, Cisco Webex, Google, Zoom, Slack), that allow employees and groups to communicate easily and from virtually any location while sharing files and other information
Heavy mobile uses that are already remote most of the time, that use enterprise apps from a smartphone or tablet, as these are already geared to be used in a remote fashion
- Cybercrime is becoming bolder with data at the centre of the crime scene | Europol
- Dell Technologies Bolsters PC Security for Today's Remote Workers | Direct2DellEMC
- Arctic Security | Number of Potentially Compromised Organizations More than Doubles Since January
- Dragon News Blog: Research Shows Number of Potentially Compromised Organizations More than Doubles Since January
- 4 Cybersecurity Lessons from the Pandemic
- Lesson 1: Understanding Lateral Movement
Lesson 2: Know Where Infections Are
Lesson 3: Slow It Down
Lesson 4: Hygiene Is Critically Important
- IAPP-EY Annual Governance Report 2019
- https://legislation.nysenate.gov/pdf/bills/2019/S5575B
- Hospitals brace for increase in cyberattacks | TheHill
- What's new in Red Hat Enterprise Linux 8.2?
- 10 markers of a great cybersecurity program | CSO Online
- How to lock down RDP servers | CSO Online
- The basics: Patching, VPNs and strong passwords
- Zero Trust Part 2: Implementation Considerations | CSO Online
- 5 steps to building an effective disaster preparedness plan | CSO Online
- Microsoft Has a Service Continuity Plan in Place to Address the COVID-19 Outbreak | Alexander's Blog
- GitHub - ddneves/awesome-azure-learning: This repo includes plenty of references for Azure learning, especially for the Azure certs and Azure architecture, and any other learning materials e.g. security and automation topics.
- Episode 7: Security in a time of crisis | CSO Online
- CMMC explained: What defense contractors need to know | CSO Online
- Podcast: Why new remote work policies attract hackers | CSO Online
- 7 PSD2 questions every CISO should be prepared to answer | CSO Online
- Payment Services Directive (PSD2)
- List of Best Jupyter Notebook Alternatives – Linux Hint
- How Oracle Database knows it's running on the Cloud? - DBA - Rodrigo Jorge - Oracle Tips and Guides
- OJVM datapatch fails with ORA-29532 - root cause is noncdb_to_pdb.sql
- SANS Cyber Security Certifications & Research
- The homemade structural IT crisis | Born's Tech and Windows World
- Frankly spoken: these support periods are already too short for industrial systems. Until a new Windows version arrives in new SCADA products or devices, 3 – 4 years may pass – there are still 6 – 7 years left in which products get support. If the project planning and construction of a plant still takes 1-2 years, the Windows systems are still supported for 4-5 years at the point it’s getting installed.
- Facebook COVID-19 Symptom Map
- How one healthcare CISO is navigating the COVID-19 crisis | CSO Online
- Eliminating the Question of Age-related Friction in MFA Technology | CSO Online
- 77% of people have heard of two-factor authentication (2FA), up from 44% in 2017
53% have used 2FA, up from 28% in 2017
- Home Network Design - Part 2 - Black Hills Information Security
- Home Network Design - Part 1 - Black Hills Information Security
- Messing With Portscans With Honeyports (Cyber Deception) - Black Hills Information Security
- Detecting Long Connections With Zeek/Bro and RITA - Black Hills Information Security
- Checklist: Starting a Security Consulting Firm — Adam Caudill
- Free Ransomware Help for Coronavirus Healthcare Organizations
- The 15 biggest data breaches of the 21st century | CSO Online
- LIVE WEBINAR – Expand Your Cybersecurity Skillset and Become Windows Forensics Master 2.0 | CQURE Academy
- Work from home, phase 2: What comes next for security? | CSO Online
- Threat modeling explained: A process for anticipating cyber attacks | CSO Online
- A Geek's Trip Down Memory Lane - The BBS (Bulletin Board System)
- Lowering Grocery Bills Even with Corona Precautions and Restrictions | Penniless Parenting
- April 2020 Patchday: Review and issues | Born's Tech and Windows World
- Maintenance Windows: The Never Never Land of Patching – Dam Good Admin
- Python » Cyberfella
- What is DevOps? » Cyberfella
- git Cheat Sheet » Cyberfella
- Load Testing Your IIS Web Server
- Intro to Application Pools in IIS
- Setting up the Adafruit Huzzah ESP8266 Breakout
- End Microsoft Teams Meeting for all Attendees-Sharing Knowledge | Erwin Bierens Blog
- Koken – How to Export Albums and Images to a new Gallery system | g.fisk
- Powershell – Disable Active Directory/Office365 user | geekdudes
- Terraform – Azure Modules for creating VNET, VM and Application gateway | geekdudes
- Best Office 365 backup solutions - ITSMDaily.com
- How to Enable/Disable Volume Shadow Copy for Windows 10/8/7?
- 10 Places to Learn Golang
- The Top 10 Books on DevOps You Need to Read
- Transforming Your Organization with the Andon Cord
- Power BI Security | James Serra's Blog
- I Took a COBOL Course and I Liked It
- 25,757 companies use COBOL in 2020
emphasis on the idea that “this program will grow large and be maintained for decades”
- Create Your Own Blog for 5 Dollars a Month
- Become a React Developer in a Weekend
- Ransomware infection in Czech University Hospital of Brno | Born's Tech and Windows World
- Windows 7: Securing with the 0patch solution – Part 2 | Born's Tech and Windows World
- Windows 7: Forcing February 2020 Security Updates – Part 1 | Born's Tech and Windows World
- Windows Server 2012/R2/Terminal server: Temporay user profiles after February 2020 Updates | Born's Tech and Windows World
- Sunday Reading: Tools for Administrators (March 2020) | Born's Tech and Windows World
- Swisswindows AG goes bankrupt after Ryuk attack | Born's Tech and Windows World
- Chris's Wiki :: blog/sysadmin/WhyWeUse1UServers
- Chris's Wiki :: blog/tech/TLSThreeWorlds
- Chris's Wiki :: blog/sysadmin/IowaitIsNarrow
- Kubernetes » Cyberfella
- How I Studied for, and Passed, Microsoft Exam: AZ-900 Azure Fundamentals - Mohammad Darab
- The Week that Was, 4.18.20
- Tor Project lays off a third of its staff | ZDNet
- How To Restore an Oracle Autonomous Database? – Talip Hakan Ozturk's ORACLE BLOG
- Backing Up an Oracle Autonomous Database Manually – Talip Hakan Ozturk's ORACLE BLOG
- Oracle Database Upgrade - Quick Start Guide available
- Video : Online Table Move Operations in Oracle 12.2 Onward | The ORACLE-BASE Blog
- Locating Oracle Enterprise Linux Images for Azure
- SQL Server: Quickly clean backup history with dbatools - Blog dbi services
- My journey from DBA to DevOps – data-nerd.blog
- The Phoenix Project – Book Review – data-nerd.blog
- Running Jupyter Notebooks as Agent Jobs | SQL DBA with A Beard
- Response: Cisco Licensing Made Easier - EtherealMind
- How to Create a Beautiful HTML Report with PowerShell
- Rotating Windows Admin Passwords with Microsoft LAPS [Tutorial]
- 23 Must-Have Work Tips from a Working from Home Veteran
- PowerShell Strings: Everything You Wanted to Know
- Using PowerShell to Delete Files [All the Ways]
- The PowerShell Switch Statement: Much More than If/Then
- How to Up your Game with PowerShell Try Catch Blocks
- Managing Massive Media - Architecting IT
- Backblaze Pushes Past 1 Exabyte of Data Stored - Architecting IT
- The ultimate remote video conferencing and online meeting software cheat sheet 3.0
- Security, compliance, and privacy for remote collaboration software
- Working from home: my advice – Blog FiascoBlog Fiasco
- Microsoft Edge Privacy Whitepaper - Microsoft Edge Development | Microsoft Docs
- Zero-day ADV200006 – How to use GPOs to mitigate your Windows risks
- Solution for slow start of Windows Server 2016? | Born's Tech and Windows World
- Data breach at General Electric (GE) | Born's Tech and Windows World
- Hackers infects thousands of MS SQL servers with backdoors | Born's Tech and Windows World
- So You Want a Red Team Exercise? · System Overlord
- Building a very minimal initramfs
- EuroPython Society — Farewell to Oier Echaniz Beneitez
- Radio Garden
- Oracle 12c Database STIG Breakdown | Late Night Oracle Blog
- OJVM and the Mitigation Patch - Things to know in 2020
- OJVM and the Mitigation Patch - Things to know in 2020
- Oracle recovery concepts - Blog dbi services
- PostgreSQL 13: Backup validation and backup manifests - Blog dbi services
- Be Careful of What You Include In SQL*Net Security Banners
- Oracles Free TNS Firewall - VALIDNODE_CHECKING
- World Backup Day- Backing up an Oracle Database using RMAN to Azure Blob Storage
- Paying Off Your Mortgage Early Will Destroy Your Finances
- Mainframes Are Having a Moment - IEEE Spectrum
- Erman Arslan's Oracle Blog: ZDLRA - as a Simple and Reliable Migration Solution
- ZDLRA
- Oracle Critical Patch Update Advisory - April 2020
- Top STIG – Part 1 | Late Night Oracle Blog
- Hospitals turning away sick people as coronavirus cases surge - Japan Today
- Japan enters 1st weekend under nationwide state of emergency - Japan Today
- New York governor attacks Trump for 'passing buck' on pandemic response - Japan Today
- "That is passing the buck without passing the bucks." - Andrew Cuomo
- The Guide to Na-Adjectives and "So-Called" No-Adjectives
- How to use Jitsi Meet, an open source Zoom alternative - Tech Magazine
- OPatch Alert: Be aware of cleanup issues - and the JDK version
- Patching all my environments with the April 2020 Patch Bundles
- Learn ps command in Linux to display processes tutorial with examples
- Real sysadmins don't sudo | Enable Sysadmin
- What is an Ubuntu LTS release? | Ubuntu
- Creating Conspicuously Compelling Content | The Networking Nerd
- Oracle April 2020 Critical Patch Advisory - PL/SQL detailed changes - DBA - Rodrigo Jorge - Oracle Tips and Guides
- What’s new with Oracle database 11.2.0.4.200114 versus 11.2.0.4.200414 | Frits Hoogland Weblog
- 3 antimalware solutions for Linux systems | Enable Sysadmin
- ClamAV
rkhunter
chkrootkit
- Clean and reliable setup for dependency installation
- How to Install PostGIS PostgreSQL Geographic Information Systems on Debian 10
- The 12 Habits of Highly Effective Software Developers
- How I've adjusted my work-from-home habits | Opensource.com
- The 30 Best Free and Open Source Cybersecurity Tools
- The Linux Setup – Jared Domínguez, Red Hat – Linux Rig
- DBLD: a syslog-ng developer tool not just for developers - Blog - syslog-ng Community - syslog-ng Community
- DBLD
- 5 IDEs for sysadmins | Enable Sysadmin
- Spyder
Atom
Eclipse PyDev
Geany
Brackets
- Linux housekeeping: Handling archives and backups | Enable Sysadmin
- Can You Get a Virus on Your Smart TV? - Make Tech Easier
- My seventh year working at Mozilla – Alex Gibson
- Welcome to remote working – Bit Stampede
- Simple way to install ADB & FastBoot on Ubuntu - The Linux GURUS
- What’s your cloud safety plan? -- GCN
- Data Is A Strategic Weapon : Pete Brey of Red Hat | TFiR
- Linux at Home: Cooking with Linux - LinuxLinks
- Create A LiveCD Media | Linux.org
- A hole in one: Firewall exception testing and troubleshooting | Enable Sysadmin
- The Sandboxie Windows sandbox isolation tool is now open-source!
- How I containerize a build system | Opensource.com
- Here's how to guard against 'indestructible' xHelper Android malware
- Remote work tips and strategies from Red Hatters
- Do Your Project Management Remotely With Leantime
- Between Software and Service
- Download Microsoft Garage Mouse without Borders from Official Microsoft Download Center
- Easy DIY Canned Food Storage Anyone Can Build
- LEI Numbers Are Creating a Transparent Financial Industry – Economy
- 14 Ways to Make Your Yard Look Awesome for Under $100
- curl is not removing FTP | daniel.haxx.se
- The Pentagon Hasn't Fixed Basic Cybersecurity Blind Spots | WIRED
- 5 Renovations That Don't Increase Your Resale Value
- Aoi Ike Pond: Hokkaido's "Unintentionally" Humanmade Blue Pond
- How to Write an Outstanding Business Essay – Business for Beginners
- Automatically ripping CDs on linux – Image Tracking
- Random Thoughts and Geekery by Ant Zucaro
- Contents | Enovision Notes
- 5 Excellent Free Books to Learn Tcl - LinuxLinks
- Clementine – A Modern Music Player and Library Organizer
- Quickly Get Ansible up and Running – Unadulterated Nerdery
- 7 techniques for assessing frequency when quantifying (cybersecurity) risks
- Upgrade vCenter 6.5 to vCenter 7.0 with GUI – The Wifi-Cable
- Tips to prevent Zoom Bombing, Security and Conference Hygience - EtherealMind
- Nearly Half of Employees Don't Know What to Do When Ransomware Hits
- The Bane of Backwards Compatibility | The Networking Nerd
- Attaching LTO Tape drives via USB or Thunderbolt | Matt's Tech Pages
- Why you need Build Automation Tools for Selenium Automation Testing? | Codementor
- 40 Useful git Commands for Linux Admins and Developers
- Windows command line management tool for HP LTFS | Matt's Tech Pages
- Rip CD's with abcde | Enovision Notes
- What I Think I Know About COVID-19 and Its Personal Impact - EtherealMind
- 9 open source CSS frameworks for frontend web development | Opensource.com
- Simple Speech to Text Converter Using Speech Recognization in Python | Codementor
- How To Use Ansible with SSH Jumphost | Unix Tutorial
- Chris's Wiki :: blog/solaris/ZFSOurContainerFilesystems
- PC shipments see their largest drop in four years due to COVID-19 | Engadget
- Stuck at Home with Slow Internet, Rural Communities Turn to Mesh Networks - TidBITS
- The Greatest Asset to Open Source is Community - SDxCentral
- Sandboxie is now an open source tool! – Sophos News
- Exaile is an open source and cross platform music player for Windows, macOS and Linux - gHacks Tech News
- 15 Useful Examples of touch Command in Linux System
- CS Blog: Encrypting Distributed Databases With Provable Security
- CIOs to shift from 'buy' to 'build' using Open Source, IT News, ET CIO
- Relocations: fantastic symbols, but where to find them?
- Easy containers on Fedora with toolbox | Just another Linux geek
- Bored during Quarantine? Get some Soldering Kits to keep you Busy (Crowdfunding & Alternatives)
- Hackers Can Compromise VMware vCenter Server Via Newly Patched Flaw | SecurityWeek.Com
- How to record your webcam on Linux
- Red Hat’s new CEO says it will remain independent under IBM | Raleigh News & Observer
- Open Source Cookbook
- 5 open source activities while you work from home | Opensource.com
- The best free and open-source alternatives to Hangouts and Duo on Android
- An open source model for greenhouses with supplemental lighting
- Traditional Japanese seal system hampers telework for some - Japan Today
- 25 Practical mv Command in Linux for Everyday Users
- How to secure wipe USB drive, SD card on Ubuntu | FOSS Linux
- How to Check Open Ports on Linux System | 2daygeek.com
- How to use LXD to deploy containers - TechRepublic
- 15 Open Source Rescue Solutions For Companies Working Remotely under a Lockdown or Quarantine
- OpenJDK 8/11 vs. GraalVM 20 vs. Amazon Corretto JVM Benchmarks - Phoronix
- Announcing the Unbreakable Enterprise Kernel Release 6 for Oracle Linux | Oracle Linux Blog
- Ansible 101 videos with Jeff Geerling, and more Ansible news | Opensource.com
- PCLinuxOS Magazine - Page 11
- Safer SSH agent forwarding ⁕ Vincent Bernat
- How to avoid man-in-the-middle cyber attacks | Opensource.com
- Bitwarden: A Free & Open Source Password Manager - It's FOSS
- Remote support options for sysadmins | Enable Sysadmin
- Why Linux containers are a CIO's best friend | CIO Dive
- CIS hardened Ubuntu: cyber attack and malware prevention for mission-critical systems | Ubuntu
- Information Gathering Techniques and Process, Hacker must Know | CYBERPRATIBHA
- Episode 191 - Security scanners are all terrible
- sshd attack traffic - blog.asleson.org
- Robotic Process Automation (RPA): 6 open source tools | The Enterprisers Project
- 5 tips for working from home from a veteran remotee | Opensource.com
- How to clean your computer screen
- It's all in the dot file - YADM and Homeshick
- Linux system housekeeping 101: Managing file storage | Enable Sysadmin
- 7 echo command uses in Linux with examples | FOSS Linux
- Reviewing Docker Logs | Unix Tutorial
- Watch Synchronized Videos With Your Remote Friends Using Syncplay (Linux, macOS, Windows) - Linux Uprising Blog
- 5 Things I Wish I Knew Before Starting a Tech Career - YouTube
- NASA CIO Agencywide Memo: Alert: Cyber Threats Significantly Increasing During Coronavirus Pandemic
- LibreOffice Information: Presentation templates for Impress
- Wi-Fi Not Working on Ubuntu? Here's How to Fix it - Make Tech Easier
- Downloading Oracle Linux ISO Images | Oracle Linux Blog
- How To Run Docker As Non-root User In Linux - OSTechNix
- How to Get IP Address of A Docker Container – TecAdmin
- Setting up logrotate in Linux | Enable Sysadmin
- How to Use Ansible Vault to Secure Sensitive Data
- 2 Ways to Upgrade Ubuntu 18.04 To Ubuntu 20.04 (Graphical & Terminal)
- Creating Virtual WLAN Interfaces - SUSE Communities
- List SAN domains for a certificate Using awk, echo
- Ubuntu Core: an independent security analysis | Ubuntu
- [Stay at Home] Step By Step to Use Jitsi Video Conference
- 2020-04: LaTeX at the Law Library, ClusterSSH | KWLUG - Kitchener-Waterloo Linux User Group
- Book club: Latacora -- Stop using encrypted email
- Getting Started with Ansible Security Automation: Investigation Enrichment – /home/liquidat
- Childcare and COVID-19: What Is Legal? - FindLaw
- 6 Things That Are Now Illegal After COVID-19 - FindLaw
- MIT is working on a way to track COVID-19 while protecting privacy | Engadget
- WSJ: Travelex paid ransomware ring $2.3 million | Engadget
- German Military Cyber Operations are in a Legal Gray Zone - Lawfare
- Manage And Monitor Linux Kernel Modules With Kmon - OSTechNix
- How to Create a DIY Chromecast Using Raspberry Pi and Raspicast - Make Tech Easier
- Use Encrypted Email in Thunderbird with ProtonMail Bridge
- Zoom: You should hire an appropriate package maintainer
- Learn Python Identity Operator and Difference Between "==" and "IS" Operator
- Your occasional enterprise storage digest, featuring Commvault, Nutanix, HYCU, MariaDB and more – Blocks and Files
- Powering SAP NetWeaver on RHEL 8
- Build a thermal camera with Raspberry Pi and Go - Level Up Coding
- Concretedog: Trying to be useful! An Introduction to Inkscape
- Pulse+IT - Open source approach for patients arriving at the clinic with Clinic Arrivals
- When to use the Clean Architecture? - Breadcrumbs Collector
- The 7 most popular ways to plot data in Python | Opensource.com
- Better than Zoom: Try these free software tools for staying in touch — Free Software Foundation — working together for free software
- Building a sensing prosthetic with the Raspberry Pi | Opensource.com
- Conficker a Twelve Years Old Malware Attack Connected Objects | NeosLab
- More good news: Medical equipment is still prone to hacker attacks | VentureBeat
- Canadian premier infuriated by Trump, says Canada helped U.S. after 9/11 - Japan Today
- Newfoundland Premier Dwight Ball said one of the great lessons in humanity is that in times of crisis you don’t stop being human.
- Running an event-driven health management business process through a few scenarios: Part 1 - Red Hat Developer
- World Backup Day: A plan of action | Enable Sysadmin
- Get started with Bash scripting for sysadmins | Opensource.com
- The 20 Best Python Tips and Tricks You Must Know in 2020
- 21 Important Penetration Tools in Kali Linux - Make Tech Easier
- Google Squashes High-Severity Flaws in Chrome Browser | Threatpost
- How to SSH Properly
- Move Fast & Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings - The Citizen Lab
- ‘War Dialing’ Tool Exposes Zoom’s Password Problems — Krebs on Security
- Zoom Calls Are Not End-to-End Encrypted Contrary to Claims
- Zoom isn’t actually end-to-end encrypted - The Verge
- Why isn't the government publishing more data about coronavirus deaths? | Jeni Tennison | Opinion | The Guardian
- How Coronavirus can make open-source movements flourish and fix our healthcare systems - Dataconomy
- Embedded Linux joins the Covid-19 battle
- NIH Approved 3D-Printed Face Shield Design For Hospitals Running Out Of PPE | Hackaday
- Refactoring in Ansible: extract Variable | Adam Young’s Web Log
- The cataloging of free software — Free Software Foundation — working together for free software
- ‘Zoombombing’ is a federal offense that could result in imprisonment, prosecutors warn - The Verge
- Data Security and U.S.-China Tech Entanglement - Lawfare
- The Cyberspace Solarium Commission: From Competing to Complementary Strategies - Lawfare
- Jacquelyn Schneider
- 9 ingenious ways to give your old Android phone new life - CNET
- From the Canyon Edge: How We've Adapted Ubuntu's Time-based Release Cycles to Fintech and Software-as-a-Service
- The Key Principles of Coordinated Cycles
As a product development team, you have:
Time
Work to complete
Resources to perform work
- How to Create TXT Template Scripts in BASH - Make Tech Easier
-
- Emotet Malware Shut Down Microsoft's Entire Network By Overheating PCs
- Every Zoom Security and Privacy Flaw So Far, and What You Can Do to Protect Yourself - TidBITS
- 3-Year-Old RCE Bug Puts Millions Of OpenWRT Devices At Risk
- Federal Executive Emergency Authorities to Address COVID-19 - Lawfare
- Unpacking TikTok, Mobile Apps and National Security Risks - Lawfare
- Zoom Meeting Settings and Other Helpful Info for Teachers and Instructors – Bruce Elgort
- Zoom Meeting Code of Conduct Suggestions – Bruce Elgort
- Zoom will enable waiting rooms by default to keep trolls out | Engadget
- 40 Practical and Useful awk Command in Linux and BSD
- IEEE Launches its Open Source Collaboration Platform
- CNCF tools: 5 hot open-source cloud solutions for your application stack
- Smart cards login on Ubuntu | Ubuntu
- Surviving the Frequency of Open Source Vulnerabilities
- An Open Source Shipboard Computer System | Hackaday
- Doc Searls Weblog · Zoom’s new privacy policy
- Unemployment Benefits: A Visual Guide to Unemployment Claims
- Navi - An Interactive Commandline Cheatsheet Tool - OSTechNix
- Zeek and Jitsi: 2 open source projects we need now | InfoWorld
- Build a private chat server with a Raspberry Pi and Rocket.Chat | Opensource.com
- How to play Sega Master System games on Linux
- I had to build a web scraper to buy groceries | Utku's Blog
- AI tool predicts which coronavirus patients get deadly 'wet lung' - Japan Today
- The Intelligence Contest in Cyberspace - Lawfare
- How to Run Penetration Test on Android Phone Camera Using Kali Linux - Make Tech Easier
- 7 remote work discipline tips for the sysadmin | Enable Sysadmin
- Azul Systems brews up fresh blend for open source Java - Open Source Insider
- A case study: Improving patient outcomes with Open Source
- Field hospital set up in New York's Central Park - Japan Today
- 6 Tips for Excelling in an MBA Program – Business for Beginners
- Insurance For Small Business: Policies Protect Your Assets – Business
- Hubble captures the immense 'tsunami' power of quasars | Engadget
- IT Automation Tools Are No Longer Enough - DevOps.com
- Automation as a Trait, Not a State
"There is no such thing as a perfect tool, and don’t let anyone try to tell you otherwise. The good news is it’s not about having a perfect solution, it’s about the experience that can be gained from a solution. Every organization is unique and there is no one-size-fits-all option."
- Is O'Reilly’s Exit from In-Person Conferences a Portent of Changes to Come? - TidBITS
- "It will be fascinating to see which of our assumptions about how things should be turn out to be merely the way we’ve always done them, rather than the way they could be done better for individuals, for society, and for the planet."
- The psychological impact of COVID-19 isolation, as explained by scientists | Engadget
- Tsurugi Linux Review: A Linux Distro For Digital Forensics, OSINT, And More
- Tsurugi Linux
- The Cyberspace Solarium Commission Report and Persistent Engagement - Lawfare
- Security, Privacy and the Coronavirus: Lessons From 9/11 - Lawfare
- How Recovered COVID-19 Patients Might Help Fight the Pandemic - Lawfare
- Using LibreOffice for your open source budgeting tool | Opensource.com
- 5 Linux backup and restore tips from the trenches | Enable Sysadmin
- Top 7 Configuration Management Tools
- https://cyberdefense.orange.com/wp-content/uploads/sites/9/2020/03/whitepaper-threat-of-cyberattacks-on-healthcare-and-covid-19.pdf
- Operators behind Nefilim Ransomware threaten to release stolen dataSecurity Affairs
- Most ransomware attacks take place outside the working hoursSecurity Affairs
- The Morning After: Siri has a COVID-19 questionnaire | Engadget
- Oprah debuts free Apple TV+ series discussing COVID-19 | Engadget
- 400,000 new people have joined Folding@Home's fight against COVID-19 | Engadget
- Microsoft Patch Tuesday March 2020: a new record was set, SMBv3 “Wormable” RCE and updates for February goldies | Alexander V. Leonov
- Resolve-DnsName: The PowerShell Way to DNS Lookup
- ER docs don smart rings to better predict COVID-19 infections | Engadget
- 7 open hardware projects working to solve COVID-19 | Opensource.com
- Tools Used in My Automation Projects
- Managing the Complexity of Jinja2 Templates in Ansible « ipSpace.net blog
- Ransomware Groups Promise Not to Hit Hospitals Amid Pandemic | WIRED
- Open Data Sources for AI in Industry
- Demystifying Containers – Part IV: Container Security - SUSE Communities
- Set Up SMTP and IMAP Proxy with HAProxy (Debian, Ubuntu, CentOS)
- Why Automation Holds the Key to Security Governance and a Culture of Collaboration - Infosecurity Magazine
- How technical debt is risking your security | Opensource.com
- Open-source security tools for cloud and container applications
- GNS3 – Network simulator to configure virtual networks on Linux | FOSS Linux
- Java 14 Improves Developer Productivity with New Performance Features | IT Pro
- Who-T: It's templates all the way down
- How Do You Spy When the World Is Shut Down? - Lawfare
- What’s in Trump’s Executive Order on the Defense Production Act? - Lawfare
- From the Canyon Edge: Time to Cook!
- How to set up PXE boot for UEFI hardware | Enable Sysadmin
- A short list of useful coronavirus resources
- How Complex Systems Fail – Perspectives
- Anti-Coronavirus Procedures: Educate Your Staff – Workplace Safety
- Uber open-sources Piranha, a tool that automatically deletes stale code | VentureBeat
- Introducing b4 and patch attestation — Konstantin Ryabitsev
- Building a split mechanical keyboard with a Raspberry Pi Zero controller - Raspberry Pi
- AirView Wireless Touchscreen Display Works with Phones, Laptops, Raspberry Pi, Etc. (Crowdfunding)
- My top 6 open source frameworks for web development | Opensource.com
- The Linux Setup (Again) – Charles Profitt, System Administrator – Linux Rig
- Public interest group tells medical equipment makers to release their repair manuals | Engadget
- How to use a button with a Raspberry Pi - Raspberry Pi
- Raspberry Pi Chromecast? Open-Source Project Makes it Possible | Tom's Hardware
- Article series from the open organization community | Opensource.com
- X4: Split Vendetta expansion and a huge free 3.0 update announced for release on March 31 | GamingOnLinux
- Health groups vulnerable to cyberattacks as coronavirus crisis ramps up | TheHill
- Java 14 Reaches General Availability With Garbage Collection Improvements - Phoronix
- From sysadmin to DevOps | Enable Sysadmin
- DevOps values
Culture represented by human communication, technical processes, and tools
Automation of processes
Measurement of KPIs
Sharing feedback, best practices, and knowledge
DevOps principles
Develop and test against a production-like environment
Deploying with repeatable, reliable processes
Monitor and validate operational quality
Amplify feedback loops
DevOps Practices
Self-service configuration
Automated provisioning
Continuous build
Continuous integration
Continuous delivery
Automated release management
Incremental testing
- Updating the BIOS (System Firmware) from the Device Manager in Windows 10
- Message to my IT/hacking friends (Mar17) | metaprogramming and politics
- Turning your Raspberry Pi 4 into an edge gateway – Part 2 | Ubuntu
- Oracle Database on YouTube – ThatJeffSmith
- Oracle Database on YouTube – ThatJeffSmith
- Why remote working can be good for people, business and environment
- On boxing, tabletop exercises and threat models | Ubuntu
- Speeding up container image builds with Buildah | Enable Sysadmin
- What is Elasticsearch? - JB Computerization
- The Case for vVols and Ransomware – Cody Hosterman
- IT Infrastructure Business Continuity & Disaster Recovery (BC/DR) – Corona Virus edition | CloudXC
- Getting Started using SSH with PowerShell [Tutorial]
- How Red Hat tackles security | ZDNet
- Netflix Open Sources Crisis Management Orchestration Tool
- Fake Coronavirus Tracker Promises Safety, Installs "Covidlock" Ransomware Instead
- Covidlock
- Web performance testing: 18 free open-source tools to consider | TechBeacon
- The Challenge of Software Liability - Lawfare
- [Howto] Using toolbox in Fedora / RHEL 8 for easy management of CLI tools – /home/liquidat
- Better to Be Realistic About the Security Opportunities of Cloud Computing - Lawfare
- Time for Regulators to Take Cyber Insurance Seriously - Lawfare
- The Cyberspace Solarium Commission’s Mandate to Fix Congressional Oversight - Lawfare
- 7 Linux Distros for Security Testing - Security Boulevard
- Backbox
BlackArch
DEFT
Kali Linux
Parrot Security
Pentoo Linux
Samurai Web Testing Framework
- Developments in the field of information and telecommunications in the context of international security – UNODA
- Enterprise Linux Red Hat Fixed 85% of Critical Flaws Within 7 Days: Report
- System76 Blog — A Look Back at Manufacturing
- COVID-19: We will come through this together - Japan Today
- This is a time for prudence, not panic. Science, not stigma. Facts, not fear.
- Samsung Galaxy pad E SM-T560 – enable TWRP recovery, rooting and flashing Android 7.1 using Ubuntu Linux workstation and Heimdall flashing suite. – Sloppy Linux Notes
- Alphabet's Verily launches coronavirus screening service in California | Engadget
- After Math: How COVID-19 is already clobbering 2020 | Engadget
- Raspberry Pi vs antibiotic resistance: microbiology imaging with open source hardware - Raspberry Pi
- Essential things to know about container networking | Network World
- Elephant is an open source, cross platform note taking application - gHacks Tech News
- Bullet journaling for sysadmins | Enable Sysadmin
- Digital Transformation in Italy, Powered by OpenShift – Red Hat OpenShift Blog
- GitHub - glytchtech/ESPCam: STL and Configuration Files for Glytch's ESPCam Project
- 9 Hand exercises for computer users
- OpenStreetMap: A Community-Driven Google Maps Alternative - It's FOSS
- Jaffar's (Mr RAC) Oracle blog: RAC DB upgrade from 11.2.0.4 to 12.1.0.2 ASM prerequisites fail with DUBA
- Sysadmin Stories: Distributed vRealize Automation 7.x Orchestrated Shutdown, Snapshot and Startup using PowerCLI
- What’s New in vSphere 7.0 Storage Part II: GuestInfo VirtualDiskMapping – Cody Hosterman
- C Programming Language Reported Highest 47% Vulnerabilities In 2019
- The next generation of hackers may target your medical implants | Salon.com
- Jenkins security: Latest advisory highlights more than 20 vulnerable plugins | The Daily Swig
- The Ultimate PCAP | Weberblog.net
- Amabie: the Japanese Yokai That Can Stave Off Epidemics | Spoon & Tamago
- What’s In Trump’s National Emergency Announcement on COVID-19? - Lawfare
- Backblaze’s 2019 Hard Drive Reliability Statistics - TidBITS
- Responding to COVID-19, Apple Closes All Stores Outside China - TidBITS
- Fiscal Measures during the Coronavirus (COVID-19) Outbreak
- Netflix pauses production on 'Stranger Things,' other shows due to coronavirus | Engadget
- Thoughts and Recommendations Surrounding COVID-19 - TidBITS
- How to enable the zRAM module for faster swapping on Linux - TechRepublic
- How do you flush DNS cache on Linux? Read to find out!
- How to access a Plex Server on Raspberry Pi – AddictiveTips
- How to whiteboard collaboratively with Drawpile | Opensource.com
- Hackers are spreading fake Android coronavirus trackers to steal your Bitcoin
- Mitigating new LVI Intel security vulnerability will have big impact on CPU performance
- New Relic – the State of Java Report
- Data Sharing and Open Source Software Help Combat Covid-19 | WIRED
- The Last Hurrah Before The Server Recession
- with 1.05 million machines being sold by the ODMs who supply iron to these companies, up a stunning 53 percent and driving revenues up 37.9 percent to $6.47 billion. Clearly, with the hyperscalers and cloud builders buying mostly X86 servers and with increasing competition between Intel and AMD, the hyperscalers are getting great deals on processors with AMD leading the price
- Hackers are making malware-infected coronavirus maps to harvest personal information | Salon.com
- Live Coronavirus Map Used to Spread Malware — Krebs on Security
- Layered Cyber Deterrence: A Strategy for Securing Connectivity in the 21st Century - Lawfare
- The Cyberspace Solarium Commission Report: A Lawfare Series - Lawfare
- Why Is Congress Conducting Business as Usual in the Face of Coronavirus? - Lawfare
- Different Ways To Repeat Your Last Command In Linux - OSTechNix
- How to Turn Your Raspberry Pi 4 into an Edge Gateway - Make Tech Easier
- Add timestamp + change history size in your linux history | Linux.org
- Microsoft Fixes 115 'Security Holes' In Latest Patch Tuesday Update
- Adding a display to a travel-ready Raspberry Pi Zero | Opensource.com
- COVID-19 Trade Show Impact - SDxCentral
- Sysadmin tools: exa, a modern alternative to ls in Linux | Enable Sysadmin
- Brute Force Attacks - Pen Testing Using Hydra and RSMangler - Putorius
- RSMangler
- 7 tips to speed up your Linux command line navigation | Enable Sysadmin
- How to Enable Nested Virtualization in VirtualBox on Linux
- New governance model for the Django project | Weblog | Django
- An end to high memory? [LWN.net]
- How to Download YouTube videos on Android
- Introducing the guide to getting started with the Raspberry Pi | Opensource.com
- 5 tips to ace a sysadmin interview | Enable Sysadmin
- One year of Mergify
- Make SSL certs easy with k3s | Opensource.com
- FreeBSD To Sponsor Work For 802.11ac Support - Phoronix
- How to set up the Raspberry Pi Zero for travel | Opensource.com
- You-Get - downloader that scrapes the web - LinuxLinks
- Communicating with other users on the Linux command line | Network World
- 83% of medical imaging devices running on outdated operating systems, report finds
- vSphere 7 with Kubernetes - YouTube
- Guess who else likes your backups in the Cloud? | Data Protection: Avamar, NetWorker, Data Domain, RecoverPoint, PowerProtect, CSM
- Cloud security is your responsibility and backups are the keys to your kingdom.
- Troubleshooting CIM on ESXi | Adventures in a Virtual World
- VMware vCenter upgrade from 6.7 to 7.0 | KISSTIBOR.info
- vSphere 7.0 Link-O-Rama » Welcome to vSphere-land!
- vSphere 7: What’s new | JohannStander
- VMware vSphere 7 Announced | TinkerTry IT @ Home
- vSphere 7 - What's New? - VirtuallyInclined.com
- Cyber Strategy and Talent - Lawfare
- 2020 Cybersecurity Outlook Report: Key Findings (Part 1 of 2) | Security Blog | VMware
- How will the coronavirus affect your personal finances?
- Boost Employee Morale in 5 Easy Steps – Running Your Business
- Specialty Electrical Tapes | Matt's Tech Pages
- CCNA Training » Layer 2 Threats and Security Features
- SMB over QUIC: Files Without the VPN
- 10 Optimizations on Linear Search - ACM Queue
- "Lesson learned: always figure out the real problem and what the most effective way of solving it as opposed to pushing the problem down the stack or into the cloud." - Ivan Pepelnjak
- Trump Suggests Suspending Payroll Tax for the Rest of the Year
- How Barcodes Have Revolutionized Society – Running Your Business
- 6 security metrics that matter – and 4 that don’t | CSO Online
- Results of simulated phishing attacks.
Mean time to recover.
Mean time to detect.
Penetration testing.
Vulnerability management.
Enterprise security audits.
- How Reliable Are S&P 500 Stock Dividends? Historical Drawdowns — My Money Blog
- ITIL Service Strategy: What You Should Know – Running Your Business
- Some Other Examples of Improper IT Management
1. End users do not know who to contact when they have a problem with their computers and other IT devices.
2. Technicians attend end user calls in a disorganized manner.
3. Business managers are frustrated and limited in their ability to manage their teams because of frequent network disruptions.
4. Companies cannot fulfill orders for products and services for their customers.
5. End users can’t count on IT services being available on a daily basis. Therefore, they are unable to fulfill their obligations to the company and to customers.
6. Frequent virus infections hamper activities. Long shutdowns are common.
7. End users face a shortage of computers and disk space. Data corruption and data loss are rampant throughout the organization.
- Deloitte: 8 things municipal governments can do about ransomware | CSO Online
- Keep critical data compartmentalized so it’s harder for ransomware to encrypt.
Disable extraneous services on connected devices.
Put policies in place that prohibit checking personal email or playing games on critical hardware.
Develop air-gapped backups.
Train all employees to be more cybersecurity aware.
Use war-gaming exercises to simulate ransomware attacks.
Patch and update systems and software in a timely manner.
Communicate and collaborate with peer organizations to share information and learn from each other’s successes and failures.
- Top cybersecurity facts, figures and statistics for 2020 | CSO Online
- 9 key cybersecurity statistics at-a-glance
94% of malware is delivered via email
Phishing attacks account for more than 80% of reported security incidents
$17,700 is lost every minute due to phishing attacks
60 percent of breaches involved vulnerabilities for which a patch was available but not applied
63 percent of companies said their data was potentially compromised within the last twelve months due to a hardware- or silicon-level security breach
Attacks on IoT devices tripled in the first half of 2019.
fileless attacks grew by 256 percent over the first half of 2019
Data breaches cost enterprises an average of $3.92 million
40 percent of IT leaders say cybersecurity jobs are the most difficult to fill
- IT Salary Survey: Do tech certifications pay off? | InsiderPro
- 8 PCI DSS questions every CISO should be able to answer | CSO Online
- Secrets of industry-hopping CSOs | CSO Online
- EU plans to introduce sweeping 'right to repair' legislation for electronics | Engadget
- The Layman’s Term Guide to AWR for Microsoft- Part I
- Resilience is the Needed Middle Ground Between Denial and Panic | Daniel Miessler
- Detecting Malware Beacons With Zeek and RITA - Black Hills Information Security
- The Wisdom of the (Storage) Crowd - Architecting IT
- What to do during a stock market crash
- ADHD - Active Countermeasures
- Active Domain Active Defense
- What Kind Of Health Benefits Can I Get From Tropical Foods? | Penniless Parenting
- Data Guard and RAC on Docker : Perhaps I was wrong? | The ORACLE-BASE Blog
- What’s New in vSphere 7 with Kubernetes, VCF 4 and vSAN 7? The Important Bits – Ather Beg's Useful Thoughts
- What’s New in vSphere 7? The Important Bits – Ather Beg's Useful Thoughts
- Auditing by the Numbers | Late Night Oracle Blog
- Parsing Nessus v2 XML reports with python | Alexander V. Leonov
- From the Canyon Edge: Working from Home -- Lessons Learned Over 20 Years and Shopping List
- Build great distance learning and collaborative experiences with open source technology | Moodle
- Set Up OpenDMARC with Postfix on CentOS/RHEL to Block Email Spoofing
- All-in-One Toolkit for Criminal Investigations | Purdue OTC
- Cumulus Rolls Out Open Source Network Automation Toolkit - SDxCentral
- LISA2019 Linux Systems Performance
- Erman Arslan's Oracle Blog: Exadata -- About Extended (XT) Storage Servers
- Creating Dynamic Network Diagrams with Graphviz
- There Are No More Green Fields | The Networking Nerd
- AMD CPUs for the past 9 years are vulnerable to data leak attacks | Engadget
- Banner Grabbing - Penetration Testing Basics - Putorius
- Project Rubicon: The NSA Secretly Sold Flawed Encryption For Decades | Hackaday
- RUBICON
- Coronavirus (COVID-19) | Delta News Hub
- Using LibreOffice for your open source budgeting tool | Opensource.com
- WireGuard Gives Linux a Faster, More Secure VPN | WIRED
- Windows 10 Alert: This Is The Default Setting You Must Change To Stay Safe
- PSA: jQuery is bad for the security of your project
- Optimise Your Apache Server for it's Best Performance!
- Using Ansible to define and manage KVM guests and networks with YAML inventories | Just another Linux geek
- API? It's not that scary! - DaPythonista
- Designing Ebooks with Free Software » Linux Magazine
- GitHub - automatic-ripping-machine/automatic-ripping-machine: Automatic Ripping Machine (ARM) Scripts
- Android had the most vulnerabilities of any OS in 2019 - Gizchina.com
- How to run and manage a Docker container on Linux Ubuntu/Debian
- Asia-Pacific economies face $211 bil hit from virus, says S&P - Japan Today
- $211 bil
- 10 Linux/Open Source Vulnerabilities of All Time
- How is Virtual Memory Translated to Physical Memory? - VMware vSphere Blog
- Sysadmin tools: 11 ways to use the ls command in Linux | Enable Sysadmin
- Useful Ubuntu Keyboard Shortcuts For Beginners – Itsubuntu.com
- Backup And Restore Linux Desktop System Settings With Dconf
- SD Card Speed Test - Raspberry Pi
- FDA warns patients about Bluetooth flaws affecting pacemakers, glucose monitors
- Top 5 VirtualBox Alternatives for Linux - NoobsLab | Tips for Linux, Ubuntu, Reviews, Tutorials, and Linux Server
- Shell Script to run a SQL script – DBA Tutorials
- Jaffar's (Mr RAC) Oracle blog: Oracle 11.2.0.1 upgrade with restore point scenario fails
- Newsletter: March 7, 2020 – Notes from MWhite
- Several Linux Systems Can Be Hacked Via This 17-Yr-Old RCE Flaw
- Nmap command line info gathering magic | Enable Sysadmin
- Android Hidden Codes: These are the secret codes of your device
- Cockpit - Highway to the admin zone
- Top 10 disk space analyzer tools to use on Linux systems in 2020
- Upgrade Testing - Online Clone a PDB to Oracle 19c
- Unreal Load Testing in the Cloud
- RAC on Azure- Link to Microsoft Tech Blog
- Learn Python Set/Frozenset Data Structure – Part 4
- 2020-03: Audacity, Saltstack | KWLUG - Kitchener-Waterloo Linux User Group
- Persistent Engagement Neglects Secrecy at Its Peril - Lawfare
- IT Projects vs. Non-IT Projects: A Managerial Perspective – Technology
- Right Tool For The Job - Cloud for the win!
- VCDX181.com - Project Pacific Technical Overview for New Users
- History of Destructive Cyberattacks | Security Blog | VMware
- What Is a Journaling File System? - Make Tech Easier
- Watching activity on Linux with watch and tail commands | Network World
- Bash Script to Check How Long the High CPU/Memory Consumption Processes Runs on Linux | 2daygeek.com
- How to determine Linux guest VM virtualization technology - nixCraft
- Four-slot Raspberry Pi cluster board starts at $80
- CloverPI: Take your Raspberry Pi to the next Level!!! by Michael Alsdorf — Kickstarter
- Putting The Fastest Correction In History Into Context – The Felder Report
- DON'T PANIC | Data Protection: Avamar, NetWorker, Data Domain, RecoverPoint, PowerProtect, CSM
- How To Complete a STIG Review | Late Night Oracle Blog
- It took Google months to patch a serious Android security flaw | Engadget
- Google cancels I/O developer conference amid coronavirus fears | Engadget
- NASA maps show the effect of a quarantine on air pollution | Engadget
- Amazon confirms first coronavirus diagnosis among US employees | Engadget
- 16 best practices for improving cybersecurity - TechRepublic
- Collaboration helps cybersecurity
Implement Zero Trust to tighten cybersecurity
1. Establish a clear identity and access management strategy that includes multi-factor authentication (MFA)
2. Create an up-to-date asset inventory that distinguishes between managed and unmanaged devices
3. Create a trusted device policy that prompts users to update their devices against measured vulnerabilities
4. Control user access through a centrally managed policy that identifies and acts upon exceptions
5. Build an architecture and set of processes that enables users to access on-premise and cloud applications
Test your response plan to prepare for cyberattack
1. Review and improve security practices regularly, formally, and strategically over time
2. Regularly review connection activity on the network to ensure that security measures are working as intended
3. Integrate security into the organization's goals and business capabilities
4. Routinely and systematically investigate security incidents
5. Put tools in place to provide feedback about security practices
6. Increase security controls on high-value assets as necessary
7. Integrate security technologies
8. Keep threat detection and blocking capabilities up to date
9. Make it easy to determine the scope of a compromise, contain it, and remediate
- Three things CISOs need to do differently in 2020 - TechRepublic
- Build a modern culture
Collaborate with other company leaders
Expand your communication strategy
- COVID-19: What business pros need to know - TechRepublic
- Domain spoofing declines as protective measures grow - Valimail
- 7 security tips for IoT systems - TechRepublic
- 1: Assess an IoT device's security before implementation
2: Conduct regular security audits and risk assessments
3: Keep third-party access lists up to date
4: Keep software up to date
5: Establish a procedure for keeping up on vulnerability news
6: Analyze network traffic
7: Only use IoT devices that are built with security in mind
- Cloud Computing More Energy Efficient Than Initially Thought - TidBITS
- Secure your APIs — don’t give hackers a chance!
- A Guide on How to Get Started in Digital Forensics
- HIPAA Compliance: Why IT Matters and How to Obtain It | Hyperproof
- Understanding Azure AD’s Free Tier - JumpCloud
- 100 Keyboard Shortcuts to Use Linux Like a Pro – Linux Hint
- NBlog - the NoticeBored blog: NBlog March - InfoSec 101 module released
- DevOpsDays 2020 at HEG in Geneva - Blog dbi services
- Kr00k Wi-Fi Encryption flaw affects more than a Billion devicesSecurity Affairs
- Reading Municipal Light Department, Massachusetts, hit by ransomwareSecurity Affairs
- BYOD and Mobile Device Management - JumpCloud
- Coronavirus: The Unexpected Human Element at RSA Conference 2020
- NIST CSF: Cybersecurity basics — Foundation of CSF
- S3 Bucket Ransomware Attack: What Is It and How Can It Happen?
- Climbing the Vulnerability Management Mountain: Reaching ML:4
- Securing the real perimeter – part 2 – Al Berg's Paranoid Prose
- Securing the real perimeter – part 1 – Al Berg's Paranoid Prose
- Security Priorities & Automation Ascend to Business Relevancy per New KPMG Cybersecurity Report - Security Boulevard
- Understanding Azure AD's Basic/O365 Apps Tier - JumpCloud
- South Korean Data Protection Laws - The Akamai Blog
- How can Third-Party Risk Affect your Healthcare Compliance? - The Compliance and Ethics Blog
- Mastering the Journey—Building Network Manageability and Security for your Path
- CMMC Compliance Soon Required for Government Contractors & Subcontractors
- New Cyber Attack Campaign Leverages the COVID-19 InfodemicSecurity Affairs
- Cybersecurity Roundup: February 25, 2020 | Violet Blue on Patreon
- White Paper on Cloud Security Risks - And How To Mitigate Them - (ISC)² Blog
- Practical Crypto Review for Developers - David Dillard (BSides Tampa 2020) (Hacking Illustrated Series InfoSec Tutorial Videos)
- Hunting the coronavirus in the dark web ... ... .... ... ... ...Security Affairs
- All versions of Apache Tomcat are affected by the Ghostcat flawSecurity Affairs
- The Importance of Server Hardening - Part 1. Introduction and Types of Infrastructure - Security Art Work
- Patch your Tomcat and JBoss instances to protect from GhostCat vulnerability (CVE-2020–1938 and CNVD-2020–10487)
- Sodinokibi Ransomware gang threatens to disclose data from Kenneth Cole fashion firmSecurity Affairs
- Crooks are attempting to take over tens of thousands of WordPress sitesSecurity Affairs
- US Railroad firm RailWorks discloses data breach after ransomware attack
- Xencrypt - A PowerShell Script Anti-Virus Evasion Tool
- InfoSec Handlers Diary Blog
- Amass
- Healthcare Design Studio, GoInvo Releases Open Source Information Visualization "Understanding Coronavirus"
- Understanding the Novel Coronavirus (2019-nCoV) - GoInvo
- Software Defined Everything With Mike Ossmann And Kate Temkin | Hackaday
- [Guide] Anniversary 2.0 "SNAFU" - Server Needs a Friggin' Upgrade - Builds / [LGA2011] Anniversary 1.0, 2.0, & More - serverbuilds.net Forums
- Yisroel Mirsky - Automated Injection and Removal of Medical Evidence in CT - DEF CON 27 AI Village - YouTube
- Subfinder - A Subdomain Discovery Tool That Discovers Valid Subdomains For Websites
- IoTGoat - A Deliberately Insecure Firmware Based On OpenWrt
- Polyshell - A Bash/Batch/PowerShell Polyglot!
- Progress-Burp - Burp Suite Extension To Track Vulnerability Assessment Progress
- Some Maniac Drew 'The Simpsons' in Pure Code - VICE
- Reddit Can’t Quarantine Coronavirus Misinformation - VICE
- Data privacy in healthcare needs more education, protection, UM researchers say - mlive.com
- Phishing in Healthcare: Yet Another Major Incident
- Brave beats other browsers in privacy study – Naked Security
- Apache Tomcat Affected by Serious 'Ghostcat' Vulnerability | SecurityWeek.Com
- Healthcare Exchange Standards: Have MHD Clients? What Infrastructure should you deploy>
- NRC Health cyberattack sparks privacy concerns about patient records in US
- Big health care analytics firm infected with ransomware - CyberScoop
- RSAC 2020: Ransomware a 'National Crisis,' CISA Says, Ramps ICS Focus | Threatpost
- Australia reports 1st coronavirus death, a Diamond Princess cruise ship passenger - Japan Today
- Abe says gov't will create ¥270 bil fund to fight virus spread; asks for public support - Japan Today
- Many cherry blossom festivals canceled as virus fears grow - Japan Today
- LG Display halts work at phone screen factory after coronavirus infection | Engadget
- FDA allows new coronavirus testing tech before it gets emergency approval | Engadget
- Security as an “Allowable Cost” in DoD Contracts—Is It Really that Simple? | Pivot Point Security
- Best Practices for Ensuring Data Security in the Cloud | EdTech Magazine
- How to Install Tomcat 8.5 on Ubuntu 18.04 | Linuxize
- Beginners Guide to TShark (Part 3)
- Healthcare Exchange Standards: Mobile Health Document Sharing (MHDS) Profile
- How to Hack Wi-Fi: Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher « Null Byte :: WonderHowTo
- Complying with CCPA: Answers to common questions | CSO Online
- Debian discusses how to handle 2038 [LWN.net]
- How to solve the DevOps vs. ITSM culture clash | Opensource.com
- Openstack RDO && KVM Hypervisor: Nested KVM performance evaluation on Linux Manjaro 19.0 Guest on Virthost CentOS 8.1
- Using Raspberry Pi as a Wired Router – Linux Hint
- Automatic Plant Watering with a Raspberry Pi (Shallow Thoughts)
- Painless Java with BlueJ | Opensource.com
- CERN uses Mattermost | Joinup
- Which container platforms are right for your cloud-native strategy? | IDG Connect
- 10 Best Free Linux Speech Recognition Tools - Open Source Software - LinuxLinks
- BSides SF 2020 CTF: Infrastructure Engineering and Lessons Learned · System Overlord
- Wi-Fi vulnerability affecting WPA2 encryption makes older Android phones insecure
- PyIDM - An Open Source Alternative to IDM (Internet Download Manager)
- WireGuard - A Fast, Modern and Secure VPN Tunnel for Linux
- Security isolation in CI engines
- What happens behind the scenes of a rootless Podman container? | Enable Sysadmin
- How the Supply Chain Affects Business Success – Business
- The rise of cloud computing has had a smaller climate impact than feared | Engadget
- Cloud Snooper: Hackers Using Linux Kernel Driver To Attack Cloud Server
- Why Is Windows Patch Tuesday Update Released On A Tuesday?
- NMap - A Basic Security Audit of Exposed Ports and Services - Putorius
- VokoscreenNG: Free and Open Source Screencasting Tool
- vokoscreenNG
- Cyber Norms Processes at a Crossroads - Lawfare
- Learn Python Dictionary Data Structure – Part 3
- Learn Python Tuples Data Structure - Part 2
- Open Cybersecurity Alliance announces new language for connecting cybersecurity tools - SD Times
- OpenDXL
- Build your career in Computer Forensics: List of Digital Forensic Tools - Part I
- My Certified Kubernetes Administrator (CKA) Exam Experience · davidstamen.com
- Patching the vCenter Server Appliance (VCSA) using the REST API - Part 2 (PowerCLI Module) · davidstamen.com
- Automating the Upgrade of the Virtual Distributed Switch · davidstamen.com
- How to Home Lab: Part 7 - Log Management | dlford.io
- How to Home Lab: Part 6 - Hosting on the Web | dlford.io
- How to Home Lab: Part 5 - Secure SSH Remote Access | dlford.io
- 5 Powershell Commands to Fix Most Windows 10 Problems Easily | dlford.io
- How to Home Lab: Part 4 - NGINX Reverse Proxy | dlford.io
- How to Home Lab: Part 3 - Host an Intranet Site with pfSense and NAT | dlford.io
- 7 Steps to Safely Replace a Drive in a Linux MD RAID Array | dlford.io
- How to Home Lab: Part 3 - Host an Intranet Site with pfSense and NAT | dlford.io
- Introduction to Computer Networking, Binary, and Hexadecimal | dlford.io
- How to Home Lab: Part 2 - Managing Proxmox VE | dlford.io
- 5 Steps to Set Up a Fast, Secure NGINX Reverse Proxy Server | dlford.io
- How to Start a Home Lab: Part 1 - Proxmox VE | dlford.io
- CISO -- Role and Capabilities - Evolution Map – Rajeev Shukla
- Downloads - Open Hardware Monitor
- Working from Home: How to Stay Focused – Home Based Business
- FIPS is a Four Letter Word | Late Night Oracle Blog
- WebLogic Server process takes 100% CPU - Blog dbi services
- Erman Arslan's Oracle Blog: Oracle Database - 19C New Features - a Compact and Complete Presentation
- The Goal and The DevOps Handbook (again) : My Reviews | The ORACLE-BASE Blog
- A brief guide to cybersecurity basics
- I Just Graduated with an MBA. Now What? – Business for Beginners
- Control Engineering | Wireless security: Extensible authentication protocols
- New Department of Defense “Up or Out” Cybersecurity Standards Coming Fast | RSA Conference
- The creator of the Konami Code has died | Engadget
- How to Home Lab: Part 8 - Introduction to Docker: Installation and Usage. | dlford.io
- Python 101 2nd Edition Sample Chapters - The Mouse Vs. The Python
- Import private key and certificate into java keystore (Example)
- Import Key Pair to Java Keystore
- GitHub - perfsonar/maddash: The Monitoring and Debugging Dashboard (MaDDash) is a tool for collecting large amounts of inherently two-dimensional data and presenting it in visually useful ways.
- MaDDash HOWTO | perfSONAR
- A Graduate Course in Applied Cryptography
- What I Learned Watching All 44 AppSec Cali 2019 Talks - tl;dr sec
- Floating Flooring | Steller Hardwood Floors | United States
- CSI-MITIGATING-CLOUD-VULNERABILITIES_20200121.PDF
- Mapping Moving Clouds: How to stay on top of your ephemeral environments with Cartography – Marco Lancini
- Microsoft Office 365 Security Observations | CISA
- Java “keytool import”: How to import a certificate into a keystore file | alvinalexander.com
- Szilárd Pfeiffer / cryptolyzer · GitLab
- NBlog - the NoticeBored blog: NBlog Feb 24 - InfoSec 101 for pro's
- How to access Bitwarden passwords from the Linux command-line
- How to set up the ProtonMail Bridge on Linux
- 3 Best Tips for ZFS Memory Tuning on Proxmox VE 6 and Higher | dlford.io
- Studying For and Taking the CISSP Exam | neckercube.com: Jedadiah Casey
- Tenable Nessus tips and tricks — Astrix
- 9 Things to Consider When Estimating Time :: packetmischief.ca — Networking. Unix. Cloud. Cyber Security. Code. Protocols. System Architecture.
- AWS ABCs -- EC2 Instance Type Cheat Sheet :: packetmischief.ca — Networking. Unix. Cloud. Cyber Security. Code. Protocols. System Architecture.
- Five Functional Facts About OSPF :: packetmischief.ca — Networking. Unix. Cloud. Cyber Security. Code. Protocols. System Architecture.
- Five Functional Facts about EIGRP :: packetmischief.ca — Networking. Unix. Cloud. Cyber Security. Code. Protocols. System Architecture.
- What the *, traceroute? :: packetmischief.ca — Networking. Unix. Cloud. Cyber Security. Code. Protocols. System Architecture.
- Why I Use MediaWiki for Taking Notes :: packetmischief.ca — Networking. Unix. Cloud. Cyber Security. Code. Protocols. System Architecture.
- My Tools for Studying :: packetmischief.ca — Networking. Unix. Cloud. Cyber Security. Code. Protocols. System Architecture.
- RANCID and the Octothorpe :: packetmischief.ca — Networking. Unix. Cloud. Cyber Security. Code. Protocols. System Architecture.
- An Introduction to Layer 3 Traffic Isolation :: packetmischief.ca — Networking. Unix. Cloud. Cyber Security. Code. Protocols. System Architecture.
- Book Review: Design For How People Learn :: packetmischief.ca — Networking. Unix. Cloud. Cyber Security. Code. Protocols. System Architecture.
- Can IT Certifications Become a Liability? :: packetmischief.ca — Networking. Unix. Cloud. Cyber Security. Code. Protocols. System Architecture.
- Cyber Weekly
- How to set up secure LDAP for Active Directory — Astrix
- GitHub - Tirthikas/cwe_checker: cwe_checker is a BAP plugin to find vulnerable patterns in binary executables
- How to Calculate and Communicate Your Desired Total Compensation | Daniel Miessler
- GitHub - RustyShackleford221/OSCP-Prep: A comprehensive guide/material for anyone looking to get into infosec or take the OSCP exam
- Forrester report for Rapid7: number juggling and an excellent overview of Vulnerability Management problems | Alexander V. Leonov
- Cyber compliance: How to safely share files - VinciWorks Blog
- Zero Day Initiative — The February 2020 Security Update Review
- The 10 Tenets for Cyber Resilience in a Digital World
- Think Like a Business Leader
Foster Internal and External Partnerships.
Build and Practice Strong Cyber Hygiene,
Protect Access to Mission Critical Assets
Protect Your Email Domain Against Phishing
Apply a Zero-Trust Approach to Securing Your Supply Chain
Prevent, Monitor and Respond to Cyber Threats
Develop and Practice Comprehensive Crisis Management Plan.
Build a Robust Disaster-Recovery Plan for Cyberattacks
Create a Culture of Cybersecurity
- CVE-2020-1938: Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability (CNVD-2020-10487) - Blog | Tenable®
- Microsoft’s February 2020 Patch Tuesday Addresses 99 CVEs Including Internet Explorer Zero-Day (CVE-2020-0674) - Blog | Tenable®
- Cybersecurity Frameworks in Healthcare (And How to Adopt Them)
- 2020 Update - Security Boulevard
- LDAP vs. LDAPS: Securing Auth to Legacy Apps - JumpCloud
- What Does the New CVSS 3.1 Scoring Model Mean for Enterprise Security?
- MOSE: Using Configuration Management for Evil - Security Boulevard
- Active Directory and LDAP Reimagined - JumpCloud
- U.S. Healthcare System Attacked at Least 172 Times with Ransomware Since 2016 - Security Boulevard
- Asking the Right Questions About Cyber Insurance
- SOC It 2 Me: CyberArk Achieves SOC 2 Type 2 Compliance - Security Boulevard
- Cybersecurity for K12 Essentials for District IT Teams | ManagedMethods
- February 2020 Patch Tuesday – 99 Vulns, 12 Critical, Patch for IE 0-Day, Exchange Vuln, Adobe Vulns - Security Boulevard
- Mozilla issues final warning to websites using TLS 1.0 – Naked Security
- Security maturity assessments focus on people, process, and technology
- A cyberattack on major banks could trigger a liquidity crisis, ECB President warnsSecurity Affairs
- How to comply with privacy laws: Start with software security | Synopsys
- Azure AD for Small Businesses - JumpCloud
- SweynTooth Bluetooth flaws affect devices from major SoC vendorsSecurity Affairs
- Turning Out the Lights on Ransomware
- March Patch Tuesday is Coming - the LDAP Changes will Change Your Life!
- InfoSec Handlers Diary Blog
- 37.3% of Vulnerabilities in 2019 Had Available Exploit Code or a Proof of Concept – RBS
- 37.3% of Vulnerabilities in 2019 Had Available Exploit Code or a Proof of Concept
- How to Build a Hacking Station with Raspberry Pi and Kali Linux - IoT Tech Trends
- Top 10 web hacking techniques of 2019 | PortSwigger Research
- The rise and rise of ransomware - Axios
- What CMMC Level Should Your Organization Pursue? | Pivot Point Security
- How Much Will CMMC Certification Cost My Business? | Pivot Point Security
- Does Your Organization Need to Get CMMC Certified with the Limited Rollout? – Let’s Read the Tea Leaves | Pivot Point Security
- IE zero day and heap of RDP flaws fixed in February Patch Tuesday – Naked Security
- Tunnelling RDP over SSH – Stuff I'm Up To
- An Introduction to Test-Driven Development
- Increasing Visibility into Network and Application Performance Will Drive Business Innovation | APMdigest - Application Performance Management
- DOJ Charges China With Hacking Equifax. That's No Reason to Forgive Equifax - VICE
- Bluetooth bugs – researchers find 10 “Sweyntooth” security holes – Naked Security
- Corp.com is up for sale – check your Active Directory settings! – Naked Security
- Getting Started with WSL - Linux Blog
- Get a /56 from Spectrum using wide-dhcpv6 :: Major Hayden 🤠 — Words of wisdom from a social nerd
- Get Inactive Users Report for the past 60 days in a multi domain environment | Mohammed Wasay
- Step by Step Azure Active Directory (Azure AD) Connect Cloud Provisioning | Robert Smit MVP Blog
- Compiling a DLL using MingGW :: malicious.link — welcome
- How To Easily Create An AWS EC2 Linux Instance
- 2020 Home Lab - The IT Hollow
- Kubernetes Logs for Troubleshooting - The IT Hollow
- Happy 20th Birthday, Active Directory! - The things that are better left unspoken
- Clinical Connectivity Just the Facts.pdf
- TODO: Test your exposure to Microsoft’s 2020 LDAP Channel Binding and Signing changes - The things that are better left unspoken
- Now with added CISSP - Stuart Moore
- Stop Fearing the Whiteboard. Conquer It. - Programming Blog
- Truly Disable IPv6 |
- PS: New-Item -Type DWord -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents -Value “0xff” -Force
CMD: REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents /t REG_DWORD /d 0xff /f
To Verify:
PS: Test-Path -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents
CMD: REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents
- Analyzing Attacks on my Server - Linux Blog
- Powershell – SCCM Software Center server update – Luka Gros
- Make diacritics easy in Linux :: Major Hayden 🤠 — Words of wisdom from a social nerd
- Numbers Every Programmer Should Know By Year
- Windows updates history list – Dimitri's Wanderings
- 0patch Mitigation for CVE-2020-0674 in Windows 10 V190x | Born's Tech and Windows World
- How to change compatibility level of a SQL Database-Sharing Knowledge | Erwin Bierens Blog
- Linux – Connecting to Windows LDAP over SSL (LDAPS) using certificate | geekdudes
- Request SSL certificate for Linux machine from Microsoft Certification Authority | geekdudes
- How to enable third party SFP and SFP+ modules on Cisco, HP Aruba switches - ITSMDaily.com
- Double-Check Your iPhone’s Medical ID Emergency Contacts - TidBITS
- 7 Contentious Thoughts about Data Protection | Data Protection: Avamar, NetWorker, Data Domain, RecoverPoint, PowerProtect, CSM
- Cloud is only cheaper if you don’t think about data protection
You’re not protecting enough data
You’re protecting data too much
Backup is Dead
Backup is still Very Much Alive
Ransomware Snuffed Out Multi-Purpose Backup Servers
You’ve Probably Got The Wrong People Running Data Protection
- WoeUSB - make Windows bootable Pendrive on Linux - LinuxH2O
- How to install TT-RSS on a Raspberry Pi | Opensource.com
- Automate (offline) backups with restic and systemd ·
- Keeping Records of CRM Pipeline Sales Leads to Success – Business
- Hitting the Books: A brief history of industrial espionage and corn | Engadget
- CVE Api - Parse & filter the latest CVEs from cve.mitre.org
- White Paper – The Skill Set Needed to Implement a Privacy Risk Management Framework
- Breaches in the Cloud and Why Blame Matters
- SANS Security Insights | Active Directory Password Policies & NIST Password Standards | SANS Institute
- SANS Industrial Control Systems Security Blog | Four Keys to Effective ICS Incident Response | SANS Institute
- SANS Security Insights | Finding a Cure for Ransomware | SANS Institute
- SANS Security Trend Line | 20 Coolest Cyber Security Jobs | SANS Institute
- Hacked Off: Patients Sue Ransom-Paying Hospital Group
- 0L4Bs - Cross-site Scripting Labs For Web Application Security Enthusiasts
- How to use Metasploit in Kali Linux Step by Step Tutorial for Beginners
- Beginners Guide to TShark (Part 2)
- Census II Report on Open Source Software
- Here are some key lessons learned from the report (Chapter 7):
There’s a need for a standardized naming scheme for software components.
There’s an increasing importance of individual developer account security.
Legacy software persists in the open source space.
Also, here’s an interesting nugget: “These statistics illustrate an interesting pattern: a high correlation between being employed and being a top contributor to one of the FOSS packages identified as most used.”
- Why You Need a Software Restriction Policy (Right Now)
- Defense Department Agency Reports Data Breach
- Faster Onboarding with PowerShell - JumpCloud
- Honeypots and Honeynets – Linux Hint
- Defining the Journey—the Four Cloud Adoption Patterns - Security Boulevard
- Princeton IoT Inspector
- Cloud misconfigurations cost companies nearly $5 trillion - TechRepublic
- Cloud misconfigurations cost companies nearly $5 trillion
A DivvyCloud report finds 196 data breaches exposed more than 33 billion records due to environments without appropriate security.
Of the 196 breaches examined by DivvyCloud researchers, 44% of all records exposed in 2018 and 2019 related back to problems with Elasticsearch misconfigurations.
"The number of breaches caused by Elasticsearch misconfigurations nearly tripled from 2018 to 2019. S3 bucket misconfigurations accounted for 16% of all breaches. S3 bucket misconfigurations decreased 45% from 2018 to 2019. MongoDB misconfigurations accounted for 12% of all breaches. MongoDB misconfiguration instances nearly doubled from 2018 to 2019," the report said.
- Chris's Wiki :: blog/unix/UsrSplitAndStandards
- Windows 10 2004 (20H1): The Biggest Features Explained
- .NET PowerShell Notebooks – Using Pester | SQL DBA with A Beard
- Win 7/Server 2008 R2: Boot issues with Update KB4539602 | Born's Tech and Windows World
- Windows 10 Version 1809 reaches End of Life soon | Born's Tech and Windows World
- Windows Update KB4502496 pulled | Born's Tech and Windows World
- Patch RCE vulnerability CVE-2020-0618 on your Microsoft SQL-Server! | Born's Tech and Windows World
- Windows 10: Watch out for Update KB4023057 (Feb. 2020) | Born's Tech and Windows World
- Microsoft pulls KB 4524244, the infamous UEFI patch, from the Catalog @ AskWoody
- PowerShell in Azure DevOps Pipelines: The Ultimate Guide
- PowerShell Scripting in Azure DevOps Pipelines (1 of 2)
- The PowerShell Block Comment and Commenting Best Practices
- Tools for SSH key management | Opensource.com
- census_ii_vulnerabilities_in_the_core.pdf
- Chris's Wiki :: blog/unix/DisklessUnixAndUsr
- Ransomware Attack on EHR Vendor Impacts Home Health Chain
- Understanding the Impact of the Cybersecurity Skills Shortage on Business | CSO Online
- Speed up datapump export for migrating big databases - Blog dbi services
- What Is Closed-Loop Automation? | The Networking Nerd
- Managing swap in the modern Linux system | Enable Sysadmin
- Becoming a Data Company: Back to the Future - Security Boulevard
- Addressing the Security Demands of Today’s Dynamic Cloud Environments | CSO Online
- SUDO_KILLER - A Tool To Identify And Exploit Sudo Rules' Misconfigurations And Vulnerabilities Within Sudo
- Microsoft launches open-source privacy mapping tool
- Larry Tesler, of copy-and-paste fame, dies at 74 – Naked Security
- How do I download a high resolution copy of an image I found in Flickr? – About BHL
- Writing unit test after writing code considered harmful in test-driven development | Opensource.com
- Exadata Workloads to Azure, Part II
- How to play sound and make noise with your Raspberry Pi - Raspberry Pi
- Raspberry Pi 4 UEFI+ACPI Firmware Aims to Make the Board SBBR-Compliant
- Autostart Tmux Session On Remote System When Logging In Via SSH
- What is backporting, and how does it apply to RHEL and other Red Hat products?
- Give your Linux system's firewall a security boost | Enable Sysadmin
- Ubuntu multipass | panticz.de
- How to Install Mautic Marketing Automation Tool in Linux
- Why You Still Don’t Need Antivirus Software on Linux in 2020 – Linux Hint
- Oracle Ships Solaris 11.4 SRU18 - Finally Mitigates The SWAPGS Vulnerability - Phoronix
- Environmentally-friendly Raspberry Pi projects | Computerworld
- Build a Raspberry Pi Zero W Amazon price tracker - Raspberry Pi
- Solene's percent % : Daily life with the offline laptop
- DHS’s cyber wing responds to ransomware attack on pipeline operator
- How 1500 bytes became the MTU of the internet
- Hard disk reliability study - 2005-2020
- Python Programming
- » Free Software is protecting your data – 2014 TEDx Richard Stallman Free Software Windows and the NSA | dwaves.org
- Certificate validity and a y2k20 bug | Enable Sysadmin
- According to RFC5280 the following must be true for the use of a PKI certificate validity.
Dates up to 2049 should be specified in UTCTime
Dates beginning in the year 2050 should be specified as GeneralizedTime
All client consumers of the certificate should be able to evaluate both UTCTime and GeneralizedTime.
- How To Zoom Tmux Panes For Better Text Visibility - OSTechNix
- Census Program II - Download Preliminary Report - Core Infrastructure Initiative
- Father Of Cut-Copy-Paste And Ex-Apple Employee Larry Tesler, Dies At 74
- Larry Tesler
- Surviving a security audit with enterprise Linux | Enable Sysadmin
- What Are eSIMs? Easy Mobile Internet For Travel - foXnoMad
- Japan issues coronavirus medical guidance as infections rise - Japan Today
- Judo master, 97, puts 'spirit' above medals at Olympics - Japan Today
- "Whether you win or lose, it's just another form of training,"
- The CSO's playbook for forging board relationships | CSO Online
- Charlie Munger Daily Journal Annual Meeting 2020 Full Video, Full Transcript, and Notes — My Money Blog
- How to Analyze Wi-Fi Data Captures with Jupyter Notebook « Null Byte :: WonderHowTo
- How to Catch USB Rubber Duckies on Your Computer with USBRip « Null Byte :: WonderHowTo
- Oracle Database 20c - The first CDB-only release
- Next Step: Network Inventory Database
- Open-source URL shortener ‘YOURLS’ gets updated with Bitly-like random keyword plugin
- ZF joins Open Manufacturing Platform - Green Car Congress
- Webinar on Preparing for Public Sector Ransomware Attacks in 2020
- Changing the Monolith—Part 4: Quick tech wins for a cloud-first world
- Mattress Firm deployed Azure Active Directory to securely connect Firstline Workers to their SaaS apps and to each other
- NERC CIP compliance in Azure
- SANS Penetration Testing | SANS Poster - White Board of Awesome Command Line Kung Fu (PDF Download) | SANS Institute
- SANS Digital Forensics and Incident Response Blog | USB Key Analysis vs. USB Drive Enclosure Analysis | SANS Institute
- WMI 101 for Pentesters - The Ethical Hacker Network
- Healthcare Ransomware Damage Passes $157M Since 2016
- Software Testing and Spies in The Art of War - EvilTester.com
- Beginners Guide to TShark (Part 1)
- Privacy law covering most medical care may not apply in schools - Reuters
- XSS-Freak - An XSS Scanner Fully Written In Python3 From Scratch
- Pytm - A Pythonic Framework For Threat Modeling
- Netdata - Real-time Performance Monitoring
- Parse stored Windows Event logs with Security Onion - Koen Van Impe - vanimpe.eu
- Michael on Security: 2020 Update
- Japan Security Analyst Conference 2020 -Part 2- - JPCERT/CC Eyes | JPCERT Coordination Center official Blog
- Japan Security Analyst Conference 2020 -Part 1- - JPCERT/CC Eyes | JPCERT Coordination Center official Blog
- SANS Blog
- SANS Digital Forensics and Incident Response Blog | A few Ghidra tips for IDA users, part 4 - function call graphs | SANS Institute
- SANS Digital Forensics and Incident Response Blog | A few Ghidra tips for IDA users, part 1 - the decompiler/unreachable code | SANS Institute
- SANS Digital Forensics and Incident Response Blog |A few Ghidra tips for IDA users, part 2 - strings and parameters | SANS Institute
- SANS Penetration Testing | SANS Cheat Sheet: Python 3 | SANS Institute
- Programming: Interviews, Snek, JavaScript, Perl and Python | Tux Machines
- SANS Security Insights | How to Build a Successful Cloud Security Program | SANS Institute
- SANS Security Insights | Three Cloud Security Best Practices for 2020 | SANS Institute
- Command Line Heroes: Season 4: Mainframes: The GE 225 and the Birth of BASIC
- SOL4CE Cyber/Cyber-Physical Laboratory Opens at Purdue University - CERIAS - Purdue University
- SOL4CE
- Wacom drawing tablets track the name of every application that you open | Robert Heaton
- The 25 worst passwords of 2019, and 8 tips for improving password security | CSO Online
- Release the monkey! How Infection Monkey tests network security | InsiderPro
- Infection Monkey - Breach and Attack Simulation | Guardicore
- 8 steps to being (almost) completely anonymous online | CSO Online
- Cybersecurity spending trends, 2020 | CSO Online
- How to fight hidden malware on Windows networks | CSO Online
- The CIA triad: Definition, components and examples | CSO Online
- US administration requests $9.8B for cyber 2021 budget for the Department of DefenseSecurity Affairs
- Is Vulnerability Management more about Vulnerabilities or Management? | Alexander V. Leonov
- AntiVirus for my Database Server? | Late Night Oracle Blog
- Oracle Database 20c - Documentation and Cloud availability
- Oracle Database 20c : Cloud Preview, Docs and Desupport | The ORACLE-BASE Blog
- Trump administration wants private sector to do more to counter foreign intelligence efforts
- A Raspberry Pi Kiosk (Shallow Thoughts)
- The Effect of Switch Port Count in Clos Topology
- Persistent L2ARC might be coming to ZFS on Linux | Ars Technica
- ESLint now turned on for all of the Firefox/Gecko codebase – Standard8's Blog
- Call us immediately if your child uses Kali Linux, squawks West Mids Police • The Register
- How to get started with automation: A Red Hat exec offers advice - TechRepublic
- The Horrifically Dystopian World of Software Engineering Interviews - Blog by Jared Nelsen
- Coding style checks in CI | drboblog
- Linux Encryption Tool Cryptsetup Now Supports Windows Disk Encrypted Devices
- Azure DevOps : Operational validation with Approval Gates & Azure Monitor Alerts – Karim Vaes
- Ultrasonic bracelet jams the microphones around you | Engadget
- AI can automatically rewrite outdated text in Wikipedia articles | Engadget
- The Coronavirus and Your Rights as an Employee - FindLaw
- New company, new role, & back to working with customers – Jase's Place
- Dell EMC Isilon – Cloudy With A Chance Of Scale Out | PenguinPunk.net
- VCP-DCV 2020: vSphere 6.7 Exam Prep | vLore Blog
- odacli create-database extremely slow on ODA X8-2 with 19.5 - Blog dbi services
- Get a TLS-enabled Docker registry in 5 minutes
- Azure Front Door to Support Deployments - Cloud for the win!
- Considerations for vSphere Component Backup and Restore: Part 2 · davidstamen.com
- Considerations for vSphere Component Backup and Restore: Part 1 · davidstamen.com
- Runecast Analyzer 4.1 and Center for Internet Security (CIS) analyzes your environment for any security risk according to CIS standards | ESX Virtualization
- VMware's William Lam publishes "VMware Community Homelabs Project" at virtuallyGhetto | TinkerTry IT @ Home
- Six keys to successful digital transformation
- The report identifies six:
Dedicated leadership -- the survey finds 83 percent of digital transformations that are on track or ahead of schedule are led by a CIO, CEO, CDO, or CTO.
All-in approach -- transformations that are on track are 30 percent more likely to be structured as full-scale change initiatives. Because digital operations are often so interconnected, piecemeal and partial transformations can often be siloed and result in limited impact on the factors driving the transformation.
Defined digital roadmap -- 92 percent of transformations that are on target or ahead of schedule have a defined strategy and roadmap that includes IT infrastructure and operations.
Alignment between infrastructure and apps -- enterprises powered by an integrated DevOps approach are 43 percent more likely to see success in digital transformation efforts.
Platform mindset -- businesses that include IT infrastructure as a big part of their digital transformation are 36 percent more likely to have a successful transformation.
Commitment to intelligent operations -- companies that monitor IT performance in real time and remediate issues quickly are 24 percent more likely to undergo a successful digital transformation.
- Automating APIs with Python and Go (Part I) - Architecting IT
- New – Serverless Lens in AWS Well-Architected Tool | AWS News Blog
- Docker Exec – What Does it Do?
- BBC World Service - The World This Week - Downloads
- Anonymous contributors answer: What's some underrated general life advice? - 80,000 Hours
- China rolls out 'close contact detection app' for coronavirus | Engadget
- My productivity app is a single .txt file
- Bubble Sort in Python
- City Reviewing Recommendations from Cyberattack Assessment
- 6 Reasons Your Open-Source Data Science Pipeline Needs Attention Now
- Ransomware Hits North Miami Beach Police Department | SecurityWeek.Com
- PyBites – The Pythonic Fast Lane, Digest of a 30 Min Mentoring Session
- Python course inside of NSA via a FOIA request
- The NSA Has a Beginner Python Course - The Mouse Vs. The Python
- Salesforce Data Breach Suit Cites California Privacy Law
- Blood-drawing robot is supposedly more accurate than humans | Engadget
- How to create a symmetrical heart with GIMP | LibreByte
- Software is about people, not code – Letters To A New Developer
- The Y2038 problem in the Linux kernel, 25 years of Java, and other industry news | Opensource.com
- RobbinHood – the ransomware that brings its own bug – Naked Security
- NBlog - the NoticeBored blog: NBlog Feb 8 - InfoSec 101
- Security in 2020: Revisited - Schneier on Security
- Infosecurity.US - https://infosecurity.us - The Joy of Tech® 'A Sympathy Card From Canada'
- Dump top 10 ports tcp/udp from nmap Using grep, sed
- nmap -oA derp --top-ports 10 localhost>/dev/null;grep 'services\=' derp.xml | sed -r 's/.*services\=\"(.*)(\"\/>)/\1/g'
- The three principles of successful cloud-native development
- Choice
Open source
Infrastructure as code (IaC)
- Oracle Multitenant: Be aware of the silent COMPATIBLE change
- GitHub - siemens/jailhouse: Linux-based partitioning hypervisor
- Cats and lasers and (Raspberry) Pi, OH MY! - Raspberry Pi
- Celebrating Java's 25th anniversary- Episode 16
- Running SQL Server on the Oracle Free tier - Blog dbi services
- Setup LXD with Ubuntu's ZFS on root ·
- Ragnarok Ransomware Targets Citrix ADC, Disables Windows Defender
- Ragnarok
- New .NET Notebooks are here – PowerShell 7 notebooks are here. | SQL DBA with A Beard
- Stir Fried Broccoli with Hoisin Sauce Recipe- Gluten Free, Vegan, Easy | Penniless Parenting
- hoisin sauce
- Chrome will start protecting users from insecure downloads in April | Engadget
- Make Oracle database simple again! - Blog dbi services
- NVMe the afterburner for your database - Blog dbi services
- What You Need to Know About BI Integration – Running Your Business
- New strain of ransomware spreads via SYSVOL shares
- LDAP Channel Binding: Change is coming 2nd half of 2020 | Born's Tech and Windows World
- Google Online Security Blog: Protecting users from insecure downloads in Google Chrome
- University of Maastricht Paid 30 Bitcoins to Ransomware Attackers - Security Boulevard
- Chocolatey GUI as a front-end deployment and management option | ESX Virtualization
- BurpSuite Tutorial for Beginners – Linux Hint
- cdpwn - Millions of devices at risk due to flaws in implementations of Cisco Discovery Protocol (CDP)Security Affairs
- M6 Group, largest France private multimedia group, hit by ransomwareSecurity Affairs
- Winnti Group was planning a devastating supply-chain attack against Asian manufacturerSecurity Affairs
- FBI warns of high-impact ransomware attacks on U.S. organizationsSecurity Affairs
- Hospitals in Alabama and Australia have been hit with ransomware attacksSecurity Affairs
- Wolcott school district suffered a second ransomware attack in 4 monthsSecurity Affairs
- Everis and Spain's radio network Cadena SER hit by ransomwareSecurity Affairs
- Ocala City in Florida lost $742,000 following BEC attackSecurity Affairs
- Ransomware hit TrialWorks, law firms were not able to access court docsSecurity Affairs
- Ransomware attack hit the City of Johannesburg municipalitySecurity Affairs
- CERT Rating Maturity Evaluation Tool
- CERTrating a new Tool to evaluate CERT/CSIRT maturity level.Security Affairs
- 0 = not available / undefined / unaware
1 = implicit (known/considered but not written down, “between the ears”)
2 = explicit, internal (written down but not formalised in any way)
3 = explicit, formalised on authority of CERT/CSIRT head (rubberstamped or published)
4 = explicit, audited on authority of governance levels above the CERT/CSIRT head (subject to control process/audit/enforcement)
- Brooklyn Hospital lost patient records after a ransomware infectionSecurity Affairs
- Ransomware attack impacted government services in territory of NunavutSecurity Affairs
- National_Cyber_Security_Strategy.pdf
- A Ransomware infected the network of the cybersecurity firm ProsegurSecurity Affairs
- Livingston School District hit by a ransomware attackSecurity Affairs
- French Rouen hospital hit by a ransomware attackSecurity Affairs
- CTHoW v2.0 - Cyber Threat Hunting on Windows ...Security Affairs
- CTHoW
- Humans are Awesome/Terrible at Risk Management | Talks by csoandy
- The NSA Warns of TLS Inspection - Schneier on Security
- Technology and Policymakers - Schneier on Security
- Expert found a hardcoded SSH Key in Fortinet SIEM appliancesSecurity Affairs
- Mitsubishi Electric discloses data breach, media blame China-linked APTSecurity Affairs
- Albany County Airport authority hit by a ransomware attack - Security AffairsSecurity Affairs
- MITRE presents ATT&CK for ICS, a knowledge base for ICSSecurity Affairs
- Medical info of 49,351 patients exposed in Alomere Health hospital breachSecurity Affairs
- Japanese HappyHotel discloses a data breach .... ....Security Affairs
- California IT service provider Synoptek pays ransom after Sodinokibi attackSecurity Affairs
- Great Plains center hit by ransomware attack ... ... ...Security Affairs
- Top cybersecurity predictions for 2020 ....................Security Affairs
- 1) Targeted ransomware attacks on the rise
2) Most nation-state attacks remain unattributed
3) IoT devices under attack
4) AI-based attacks, a nightmare for security experts
5) Compromised credentials and data breaches will continue to be a problem for organizations
6) ICS/SCADA systems are still too vulnerable
7) Supply chain attacks will grow slightly in frequency
8) Cybercrime-as-a-service — stronger than ever
- Entercom Radio Network hit by a second cyber attack in a few monthsSecurity Affairs
- Attackers Actively Targeting Flaw in Door-Access ...
- How Enterprises Are Developing and Maintaining Secure Applications | Tech Library
- Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light BulbsSecurity Affairs
- Malware attack took down 600 computers at Volusia County Public LibrarySecurity Affairs
- Foreign spies tantalize Japan's corporate warriors, trading tasty treats for technical tidbits - Japan Today
- The 11 Best Cyber Security Books — Recommendations from the Experts - Hashed Out by The SSL Store™
- 1. Hacking: The Art of Exploitation (2nd Ed.)
2. The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data
3. Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker
4. The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography
5. Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World
6. Social Engineering: The Science of Human Hacking
7. Practical Malware Analysis
8. The CERT Guide to Insider Threats
9. The Cyber Effect
10. Hacking Exposed 7: Network Security Secrets and Solutions
11. Threat Modeling: Designing for Security
- What Our Data Reveals About Security Debt - Security Boulevard
- Tripwire Patch Priority Index for January 2020
- MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up - Security Boulevard
- Security admins checklist: 10 tasks to perform every year - TechRepublic
- 1. Update your company's policies
2. Update (or draft) an Incident Response Plan
3. Schedule maintenance calls with vendors
4. Review firewall rules
5. Assess internal security audits of systems
6. Perform directory server auditing and cleanup
7. Review security logs and alerts
8. Research new technologies and upgrade paths
9. Securing remote access technologies
10. Develop and conduct end-user training
- ToolsWatch.org – The Hackers Arsenal Tools Portal » CVE In The Hook – Monthly Vulnerability Review (January 2020 Issue)
- CDPwn: Cisco Discovery Protocol Vulnerabilities Disclosed by Researchers
- Setting up Active Directory via PowerShell - Microsoft Industry Blogs - United Kingdom
- Malware Attack ‘Damages’ Patient Records - HealthcareInfoSecurity
- Using the Shared Assessments SCA for Added Benefits—Even If You’re Already ISO 27001 Certified | Pivot Point Security
- Think of Your vCISO as Your Security Blanket | Pivot Point Security
- “In short your vCISO is all about peace of mind.”
- Higher Education Faces a New Information Security Compliance Check | Pivot Point Security
- Gramm-Leach-BlileyAct
- The city of Racine was offline following a ransomware attack - Security AffairsSecurity Affairs
- Toll Group shuts down some online systems after ransomware attackSecurity Affairs
- Sudo CVE-2019-18634 flaw allows Non-Privileged Linux and macOS Users run commands as RootSecurity Affairs
- Police are warning crooks are using cleaners to compromise businessesSecurity Affairs
- Ransomware brought down services of popular TV search engine TVEyesSecurity Affairs
- Rational Cybersecurity & CISO cybersecurity-business alignment guidance
- How to check CPU microcode revision in ESXi | blog.erben.sk
- VMware Snapshots: Powershell to clear allowed IP list and allow all IPs
- powershell import csv foreach
- Upping your PowerShell Scripting Game with Azure DevOps Pipelines
- C-Level & Studying for the CISSP
- Hackers Pose Increasing Risk to Medical Research Data
- NIST Drafts Guidelines for Coping With Ransomware
- TA505 APT Group Returns With New Techniques: Report
- Growing Medical Device Sophistication Opens Security Issues
- Data localization service receives HIPAA, SOC, PCI certifications
- How to make your GDPR and CCPA data-management operational
- Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events | NCCoE
- EKANS Ransomware Raises Industrial-Control Worries
- 8 of the 10 Most Exploited Bugs Last Year Involved ...
- On the 2020 Congressional cybersecurity agenda: Critical infrastructure, copyright exemptions | CSO Online
- 20 most significant programming languages in history - anarcat
- Python Logging with Datadog
- Python for Beginners: Why Does Python Look the Way It Does?
- Mid-Sized IT Innovation: Two Cities Chart Their Own Course
- What freeware or open-source software packages are available to support GNSS performance evaluations? - Inside GNSS
- Food Wishes Video Recipes: Chocolate Energy Bars – Looking Good…Maybe Too Good
- Microsoft Teams goes down after Microsoft forgot to renew a certificate - The Verge
- Repology
- Repology.org - A Package Search Engine for All GNU/Linux Users
- Repology.org
- The Meteoric Rise Of Fwupd+LVFS For Linux Firmware Updates - Phoronix
- Tecmint's Guide to RedHat Ansible Automation Exam Preparation Guide
- What is DNS and how does it work – Linux Hint
- How to use nmap vulscan – Linux Hint
- Cyber Security Mistakes You're Probably Making: Duncan McAlynn | Jupiter Extras 52 | Jupiter Broadcasting
- The Powerful World of Debian Keyboard Shortcuts
- Microsoft Outlook Keyboard Shortcuts | Alexander's Blog
- 2020-02: USBIP, Ask Us Anything | KWLUG - Kitchener-Waterloo Linux User Group
- 9 'diff' Command Examples in Linux
- (A few) Ops Lessons We All Learn The Hard Way
- New Sudo Vulnerability Could Allow Attackers to Obtain Full Root Privileges - 9to5Linux
- Learn Python List Data Structure - Part 1
- Shadow IoT: A Fine Kettle Of Fish | OPSWAT
- 9 CCPA questions every CISO should be prepared to answer | CSO Online
- Erman Arslan's Oracle Blog: Oracle Linux / An Important Part of the Red Stack ! - Support Subscription Types - Clear and Simple
- Security in the financial industry | TechRadar
- Iowa Caucus results delayed, link to mobile app problems is unclear (updated) | Engadget
- Integrating Pi-hole Logs in ELK with Logstash
- Integrating Pi-hole Logs in ELK with Logstash
- More on DNS Archeology (with PowerShell)
- A Round-up of Data Breaches in January 2020 - Security Boulevard
- Chris's Wiki :: blog/solaris/ZFSHowWeGrowPools
- Assessment Frameworks for NIS Directive Compliance
- Cyberattacks Are Changing: Here’s How - Security Boulevard
- Connecting Your Legacy WAN to Cloud is Harder than You Think « ipSpace.net blog
- Which Car Models Do Owners Keep Forever? — My Money Blog
- Inside Lockheed Martin’s New Facility for Simulating Space Wars - VICE
- Google launches open-source security key project, OpenSK – Naked Security
- Other projects
somu
solo
solo hacker
- Regus spills data of 900 staff on Trello board set to ‘public’ – Naked Security
- IT exec sets up fake biz to scam his employer out of $6m – Naked Security
- Happy Birthday, CVE! – Naked Security
- Linux maintainer: Patching side-channel flaws is killing performance – Naked Security
- Report: Use of AI surveillance is growing around the world – Naked Security
- 7 types of virus – a short glossary of contemporary cyberbadness – Naked Security
- KEYLOGGERS
DATA STEALERS
RAM SCRAPERS
BOTS, aka ZOMBIES
BANKING TROJANS
RATS (Remote Access Trojans)
RANSOMWARE
- 5 tips to avoid spear-phishing attacks – Naked Security
- Tips for you
1. DON’T BE SWAYED JUST BECAUSE A CORRESPONDENT
SEEMS TO KNOW A LOT ABOUT YOU
2. DON’T RUSH TO SEND OUT DATA JUST BECAUSE
THE OTHER PERSON TELLS YOU IT’S URGENT
3. DON’T RELY ON DETAILS PROVIDED BY THE SENDER
WHEN YOU CHECK UP ON THEM
4. DON’T FOLLOW INSTRUCTIONS ON HOW TO VIEW AN EMAIL
THAT APPEAR INSIDE THE EMAIL ITSELF
5. DON’T BE AFRAID TO GET A SECOND OPINION
Tips for IT
1. DO SET UP A SINGLE POINT OF CONTACT
FOR STAFF TO REPORT CYBERSECURITY ISSUES
2. DO MAKE CYBERSECURITY A TWO-WAY STREET –
LISTEN TO YOUR USERS!
3. DO CONSIDER PHISHING SIMULATIONS
- Snake alert! This ransomware is not a game… – Naked Security
- Looking for silver linings in the CVE-2020-0601 crypto vulnerability – Naked Security
- Duo: Migrate from LDAP to LDAPS | PeteNetLive
- The Top 5 Threats to Your IT Infrastructure - JumpCloud
- Azure Governance | Tallan Blog
- Stop Washing Your Car with Water - YouTube
- The Death Of Surplus | Hackaday
- Super Bowl Sunday is a big day for a Portland professor -- because he’s a palindrome expert - oregonlive.com
- Palindrome Day: Why A Day Like Sunday Hasn't Been Seen In 900 Years : NPR
- Climate Change Could Erase Human History. These Archivists Are Trying to Save It - VICE
- This Company Built a Private Surveillance Network. We Tracked Someone With It - VICE
- 'Pwnagotchi' Is the Open Source Handheld That Eats Wi-Fi Handshakes - VICE
- Pwnagotchi
- U.S. Military Could Collapse Within 20 Years Due to Climate Change, Report Commissioned By Pentagon Says - VICE
- Inside the U.S. Cyber Army - VICE
- Simple guide to install JUPYTER NOTEBOOK on Linux - The Linux GURUS
- Heartbleed Discovery and Exploit – ls /blog
- I, Cringely My first two predictions for 2020 - IBM and Trump - I, Cringely
- How to gather information from Instagram with Instaloader python tool - Hacker Milk
- Restoring a thrashed Plextor PX-40TSi SCSI CD-ROM Drive | Matt's Tech Pages
- Bad, Good, and Super-Cringey Infosec Lab Environments – tisiphone.net
- Abusing DLL Misconfigurations — Using Threat Intelligence to Weaponize R&D | FireEye Inc
- DVNA - Damn Vulnerable NodeJS Application
- Here's the Pentagon's Terrifying Plan for Cyborg Supersoldiers - VICE
- Building a Linux Desktop for Cloud Native Development
- The Internet’s First Hit File Format Wasn’t the MP3. It Was MIDI - VICE
- This Website Has Solved Cybersecurity - VICE
- T-Mobile's John Legere Was Never a 'Cool CEO' - VICE
- UN hacked via unpatched SharePoint server – Naked Security
- Open-Source Medical Devices Hack Chat | Hackaday
- Is TLS Fast Yet?
- Espanso is an open source text expander for Windows, Mac and Linux - gHacks Tech News
- The best bag and cable organizers | Engadget
- Two Vulnerabilities Found in Microsoft Azure ...
- How To Keep Your Privacy and Data Secure While Working With a Remote Team | Network Computing
- What's Actually on the Dark Web - VICE
- Archivists Are Saving the History of Internet Piracy - VICE
- Why Security and Legal Need to Work Together - Blog | Tenable®
- What You Need to Know About The New Capabilities for Tenable.sc - Blog | Tenable®
- Configuring AWS Linux Servers With LDAP - Security Boulevard
- Adding Dynamic Updates to Windows 10 In-Place Upgrade Media During Offline Servicing - A Square Dozen
- Add Dynamic Updates to Windows 10 Media | Born's Tech and Windows World
- Explanations of a high-level concept in five different layers of complexity (Gurteen Knowledge)
- How To STIG a Database System - Microsoft Tech Community - 383732
- What's a STIG? - Microsoft Tech Community - 383566
- Most antivirus companies will continue to support Windows 7
- How to upgrade from Windows 7 to Ubuntu – Hardware and software considerations | Ubuntu
- Book Freak #45: How to Not Spoil Your Kids | Cool Tools
- "Leading to Learning," Part 5: Advice for Learners | Don Jones®
- "Leading to Learning," Part 4: Advice for Leaders | Don Jones®
- How to authenticate Python interactively to Microsoft Azure – MCP for life
- Arlo Video Doorbell [Review]
- New Perspectives On The Three Horizons Model - krypted
- Why AWS and Azure Benchmarks Don't Matter to Me - Thomas LaRock
- Useful links on EC2\FSX with new features | Techbrainblog
- Happy 10th Birthday, Azure! - The things that are better left unspoken
- Generating Strong Random Password with PowerShell | Windows OS Hub
- The Dark Web Has Nothing on Data Brokers | Daniel Miessler
- KVM Virtualization Adds Protections For Spectre-V1/L1TF Combination Attack - Phoronix
- Vulnerability Management: A Fundamental First Step to Improve Cyber Hygiene and Reduce Cyber Risk - Blog | Tenable®
- Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM)
- RiskAssessmentFramework - Static Application Security Testing
- RiskAssessmentFramework
- MassDNS - A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)
- How to Hack Wi-Fi: Cracking WPA2 Passwords Using the New PMKID Hashcat Attack « Null Byte :: WonderHowTo
- Free Physical and Virtual Machine (VM) converter utilities you have to keep | ESX Virtualization
- How to Choose the Right Vulnerability Management Solution - Blog | Tenable®
- How to Audit Microsoft Azure with Tenable Solutions - Blog | Tenable®
- Windows 7 End of Support: What Does It Mean for Your Organizations?
- What is Transport Layer Security (TLS)? Strengths and Vulnerabilities Explained
- DHS issues cybersecurity warning to businesses
- The report found malware continues to be the most frequent — and, in many instances, the most costly — type of cyberattack facing organizations, and the total “number of organizations experiencing ransomware attacks increased by 15% over one year and have more than tripled in frequency over two years.” The report also noted 85% of organizations are subject to phishing and social engineering attacks from malicious actors
For example, the alert identifies the following cyber activities attributed to Iran:
A distributed-denial-of-service attack targeted the U.S. financial sector between 2011 and 2013, which resulted in the Department of Justice indicting seven Iranians.
A cyber operation against the IT systems of the Bowman Dam in New York led to the unauthorized access to information regarding the status and operation of the dam. This resulted in the March 2016 indictment of an Iranian actor “performing work on behalf of the (Islamic Revolutionary Guard Corps).”
A cyberattack at the Sands Las Vegas Corporation involved the theft of customer data and sensitive personal information (e.g., credit card data, Social Security numbers and driver’s license numbers).
A cyber theft campaign between 2013 and 2017 that targeted certain academic and intellectual property data. In 2018, the DOJ indicted nine Iranian actors associated with these cyber operations.
- The Cybersecurity Stories We Were Jealous of in 2019 - VICE
- Why Are Résumés Still a Thing? - VICE
- Disk Cleanup on Windows Server 2019, Server Core Edition - The Tech Journal
- Risks, Issues, Benefits Of Tactically Automating Twitter Case Study - EvilTester.com
- Embracing a Prevention Mindset to Protect Critical ...
- Lightmeter will soon help you tune up your email server | ZDNet
- 10 Best Free Unified Modeling Language Tools - LinuxLinks
- Erman Arslan's Oracle Blog: Oracle Linux / Linux for Oracle Database / Why?
- Hackers were paid ransom after attack on Canadian insurance firm, court documents reveal | CBC News
- NBlog - the NoticeBored blog: NBlog Nov 28 - risks, dynamics and strategies
- NBlog - the NoticeBored blog: NBlog Nov 26 - 7 ways to improve security awareness & training
- NBlog - the NoticeBored blog: NBlog Nov 22 - who owns compliance?
- NBlog - the NoticeBored blog: NBlog November - privacy awareness update
- NBlog - the NoticeBored blog: NBlog Oct 6 - a dozen infosec strategies (amended x2)
- NBlog - the NoticeBored blog: NBlog Sept 26 - audit strategies
- Changing the Monolith—Part 3: What’s your process?
- NBlog - the NoticeBored blog: NBlog Dec 3 - infosec driving principles
- Governance involves structuring, positioning, setting things up and guiding the organization in the right overall direction - determining then plotting the optimal route to the ship's ultimate destination, loading up with the right tools, people and provisions. Corporate governance necessarily involves putting things in place for both protecting and exploiting information, a vital and valuable yet vulnerable business asset;
Information is subject to risks that can and probably should be managed proactively, just as a ship's captain doesn't merely accept the inclement weather and various other hazards but, where appropriate, actively mitigates or avoids them, dynamically reacting and adjusting course as things change;
Flexibility and responsiveness, along with resilience and robustness, present more options, opportunities to make the best of whatever situations occur, including novel hazards that weren't anticipated. If the Titanic's captain hadn't been steaming quite so fast through icy seas at night, or had thought further ahead, or was at the helm of a more nimble vessel, maybe he could have turned hard enough to avoid the iceberg that ripped open the hull of his supposedly unsinkable and apparently difficult to steer ship;
Making the best of available resources implies a blend of knowledge and skills, particularly in leadership and motivation of people: people remain central to information risk and security management. Even as technology grows in importance within information security, it's more tool than device. In the hands of a master mariner, a sextant becomes a valuable instrument rather than an ornament;
Assurance is a valuable product of oversight, monitoring, testing, reviewing and auditing activities, allowing management as well as third parties to have faith in the information risk and security management arrangements. The extent and quality of assurance activities correlates strongly with an organization's capabilities and maturity, largely because assurance supports the need for improvements and demonstrates progress. That seaworthiness certificate isn't just a ticket to leave port: it gives confidence that things are in order down below.
- Data privacy is about more than compliance—it’s about being a good world citizen
- New privacy assessments now included in Microsoft Compliance Score
- NBlog - the NoticeBored blog: NBlog February - just-in-time security awareness
- NBlog - the NoticeBored blog: NBlog Dec 23 - how many ISO MSSs are there?
- NBlog - the NoticeBored blog: NBlog Dec 20 - ISO27k maturity metric
- NBlog - the NoticeBored blog: NBlog Dec 12 - a universal KPI
- Azure Security Benchmark—90 security and compliance best practices for your workloads in Azure
- How companies can prepare for a heightened threat environment
- Changing the monolith—Part 2: Whose support do you need? - Microsoft Security
- GitHub - microsoft/ApplicationInspector: A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'what's in it' using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
- Introducing Microsoft Application Inspector
- Changing the monolith—Part 1: Building alliances for a secure culture - Microsoft Security
- Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks - Microsoft Security
- Improve cyber supply chain risk management with Microsoft Azure
- Zero Trust strategy—what good looks like
- Microsoft Cloud Security solutions provide comprehensive cross-cloud protection - Microsoft Security
- Thinking about the balance between compliance and security
- Improve security with a Zero Trust access model
- Experts on demand: Your direct line to Microsoft security insight, guidance, and expertise - Microsoft Security
- Guarding against supply chain attacks—Part 1: The big picture
- Cyber-risk assessments—the solution for companies in the Fourth Industrial Revolution
- How to find a stud in the wall - The Silicon Underground
- What is WD-40 used for? - The Silicon Underground
- The Hidden Cost of Ransomware: Wholesale Password Theft — Krebs on Security
- Grouper2 - Find Vulnerabilities In AD Group Policy
- Microsoft’s 4 principles for an effective security operations center
- 1. It starts with assessment.
2. Invest in the right technology.
3. Hire a diverse group of people.
4. Foster an innovative culture.
- Patching as a social responsibility
- TLS version enforcement capabilities now available per certificate binding on Windows Server 2019
- Are students prepared for real-world cyber curveballs?
- Foundations of Flow—secure and compliant automation, part 2
- Foundations of Microsoft Flow—secure and compliant automation, part 1
- NBlog - the NoticeBored blog: NBlog January - ISO27k awareness & training materials
- S3Enum - Fast Amazon S3 Bucket Enumeration Tool For Pentesters
- CredNinja - A Multithreaded Tool Designed To Identify If Credentials Are Valid, Invalid, Or Local Admin Valid Credentials Within A Network At-Scale Via SMB, Plus Now With A User Hunter
- CredNinja
- Verifying your .gitignore is working correctly -- Prefetch Technologies
- 97% of airports showing signs of weak cybersecurity
- The NHS has suffered only six ransomware attacks since WannaCry
- SEC Shares Cybersecurity and Resiliency Observations
- Backing up your route53 zone configuration with the aws CLI -- Prefetch Technologies
- DeployHappiness | Setting Up A Scheduled Task Server and Automatic Tasks
- DSHR's Blog: Library of Congress Storage Architecture Meeting
- "Leading to Learning," Part 3: Characteristics of Success | Don Jones®
- "Leading to Learning," Part 2: the Problems We Face | Don Jones®
- Better Event Logs with PowerShell • The Lonely Administrator
- Front-End Performance Checklist 2020 [PDF, Apple Pages, MS Word] — Smashing Magazine
- Creating Linked HTML with PowerShell • The Lonely Administrator
- How to power ANYTHING using USB-C Power Delivery
- GitHub - google/OpenSK: OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
- How emerging privacy laws are impacting the health care industry
- PEPR '20 | USENIX
- Avoid heavy AI regulation, White House tells EU – EURACTIV.com
- Ryuk and Sodinokibi Surge as Ransom Payments Double
- A billion medical images are exposed online, as doctors ignore warnings | TechCrunch
- Dozens of companies have data dumped online by ransomware ring seeking leverage | Ars Technica
- Anyone with a camera and $5 can now have a license plate reader | Engadget
- Google Online Security Blog: Say hello to OpenSK: a fully open-source security key implementation
- This month's Windows and Office security patches: Bugs and solutions | Computerworld
- AVAST: Jumpshot will be closed after privacy scandal | Born's Tech and Windows World
- Windows 10 V1909 and a possible GPO Issue – Part 2 | Born's Tech and Windows World
- Windows 10 V1909 and a possible GPO Issue | Born's Tech and Windows World
- Useful tools for AWS cloud security | Born's Tech and Windows World
- The History Of Computing: Iran and Stuxnet - krypted
- Celestron FirstScope | Cool Tools
- Why Work From Home? There are Many Benefits, But Also Pitfalls
- What is Big Data? – Marksei
- What is Data Science? – Marksei
- Zero Day Initiative — Looking Back at the Zero Day Initiative in 2019
- The Potential Cyberwar Between Iran and the U.S. | Security Gladiators
- The dark side of expertise [LWN.net]
- A New Decade and New Cybersecurity Orders at the FTC - Lawfare
- The Cyberlaw Podcast: Is CCPA short for 'Law of Unintended Consequences'? - Lawfare
- Key Global Takeaways From India's Revised Personal Data Protection Bill - Lawfare
- Avast's Free Antivirus Tracks Your Browsing Activity & Sells It For Millions
- You're Responsible for Resiliency of Your Public Cloud Deployment « ipSpace.net blog
- Using LVM cache for storage tiering - Luc de Louw's Blog
- LibreRouter is an Open-Source Hardware Router for Community Networks
- Ransomware Linked to Iran, Targets Industrial Controls - Bloomberg
- Duo CEO Dug Song: We have to make security simple
- Cloud is starting to smell a lot like legacy tech - Cloud - Services - Software - CRN Australia
- The 2018 Linux AMI was given an end-of-support date of 30 June, 2020, together with an explanation that moving on was a good idea because the OS wouldn’t be able to support nice new things in EC2.
But earlier this week AWS announced an extension of support until 31 December, 2020 and “a new maintenance support period that extends to June 30, 2023.”
The reason? “Customer feedback”.
- Master Infrastructure-as-Code and Immutable Infrastructure Principles « ipSpace.net blog
- USENIX Security '18-Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible? - YouTube
- [FoR&AI] Machine Learning Explained – Rodney Brooks
- Migrating Oracle Exadata Workloads to Azure
- ORACHKSUM v20.01 is out! - DBA - Rodrigo Jorge - Oracle Tips and Guides
- Dissecting 200114 BP, PSU, RU and RUR - DBA - Rodrigo Jorge - Oracle Tips and Guides
- Video : Decoupling to Improve Performance | The ORACLE-BASE Blog
- Structuring Content : Think Pyramid! | The ORACLE-BASE Blog
- Patching all my environments with the January 2020 Patch Bundles
- The Trends in IT Security, As You See It
- Four GDPR fines every business can learn from - VinciWorks Blog
- Why DPOs and CISOs Must Work Closely Together
- China-Based Cyber Espionage Group Reportedly Behind ...
- Forensics Investigation of Ping Command
- HCL Domino V11 – Directory Synchronzation – Part 7 | eknori.de
- What You Should Actually Learn From a Pentest Report - Black Hills Information Security
- Dumping Firmware With the CH341a Programmer - Black Hills Information Security
- Fugue open sources Regula, security and compliance tool for Terraform
- Odoo in a root-less container | Soliloquies
- Octarine Open Sources New Security Scanning Tools - TFiR: Open Source & Emerging Technologies
- BlueTooth Security Risks – Linux Hint
- Convenience over security: Mobile healthcare apps open up fresh risks to patients’ data | The Daily Swig
- distri: 20x faster initramfs (initrd) from scratch
- Deploying OpenSCAP on Satellite using Ansible
- How much does ISO 27001 Certification Cost? | Pivot Point Security
- Files on web servers Part I: History Files | Sebastian Neef - 0day.work
- ToolsWatch.org – The Hackers Arsenal Tools Portal » Top 5 Critical CVEs Vulnerability from 2019 That Every CISO Must Patch Before He Gets Fired !
- Building containers without Docker
- Terraform 0.12 – Module for creating Azure virtual machine | geekdudes
- Azure Storage tips | James Serra's Blog
- Get HP Driver Pack Info with PowerShell – Web Scraping Method – smsagent
- Under The Stairs: Planet PowerShell - A New PowerShell Resource
- Azure Cloud Solution Architects Podcast 11 - Azure Hybrid using Stack & Arc - Thomas Maurer
- How to Create Great Tech Demos and Presentations - Thomas Maurer
- Use Azure Security Center with Windows Server on-premises - Thomas Maurer
- Active Directory, AD FS and Azure AD in terms of Data Privacy - The things that are better left unspoken
- OTA digital TV notes | Nelson's log
- 5 Critical Elements for a Successful Cloud Native Transformation | APMdigest - Application Performance Management
- How AI Will Evolve for IT in 2020 - Part 2 | APMdigest - Application Performance Management
- How AI Will Evolve for IT in 2020 - Part 1 | APMdigest - Application Performance Management
- Docker Health Checks – Stuff I'm Up To
- Chris's Wiki :: blog/solaris/ZFSDVAFormatAndGrowth
- Chris's Wiki :: blog/solaris/ZFSWhyNoRealReshaping
- Evolving Threat series — Insider Attacks case studies (Part 2)
- Evolving Threat series — Mining patterns to assess Insider Attacks (Part 3)
- Evolving Threat series— Understanding Insider Attacks (Part 1)
- UN hacked in 2019, tried to keep it secret | Born's Tech and Windows World
- Detect insecure LDAP bindings before March 2020 | Born's Tech and Windows World
- Get Ready for LDAPS Channel Binding | PeteNetLive
- MIDI 2.0 overhauls the music interface for the first time in 35 years | Engadget
- .NET Freelancing: How To Get Started – Online Businesses
- Exploiting the Windows CryptoAPI Vulnerability | Trail of Bits Blog
- Whose Curve Is It Anyway
- Modernizing Red Hat Enterprise Linux System management the easy way
- Looking At The Linux Performance Two Years After Spectre / Meltdown Mitigations - Phoronix
- the geometric mean of the E3-1280 v5 was at 77% performance out-of-the-box compared to no mitigations, the Xeon E3-1275 v6 at 79% compared to no mitigations, and then the Xeon Platinum 8280 Cascade Lake came in at 95% thanks to its hardware mitigations in the various server-focused benchmarks ran that are impacted by these kernel mitigations.
- 3 Privacy & Security Focused Linux Distributions to Try in 2020 - Putorius
- Tails OS – Privacy for Anyone Anywhere
Whonix – Stay Anonymous
Qubes OS – A Reasonably Secure Operating System
- GDPR has led to $126 million in fines over data privacy | Engadget
- HCL Domino V11 – Directory Synchronzation – Part 6 | eknori.de
- HCL Domino V11 – Directory Synchronzation – Part 5 | eknori.de
- HCL Domino V11 – Directory Synchronzation – Part 4 | eknori.de
- Avoid That Billion-Dollar Fine: Blurring the Lines ...
- FTCode Ransomware Now Steals Saved Login Credentials
- FTCODE Ransomware — New Version Includes Stealing Capabilities | Zscaler
- FTCODE
- Elaborate Honeypot 'Factory' Network Hit with ...
- Supply Chain Cyber Security: What Are the Risks?
- Misadventures in AWS
- Build a 10 USD Raspberry Pi Tunnel Gateway
- AWS Backup: EC2 Instances, EFS Single File Restore, and Cross-Region Backup | AWS News Blog
- Update – datastore corruption issue with XCOPY – Dell EMC PowerMax with VMware
- WhiteCanyon VP Nathan Jones walks me through a live demo of WipeDrive using a VMware ESXi 6.7 VM in TinkerTry's home lab! | TinkerTry IT @ Home
- Changing date time zones using PowerShell – Virtually Sober
- What to do after patching CVE-2020-0601 | >_
- When / why / how to use paravirtualized adapters – Notes from MWhite
- Hackers are closing the Shitrix security hole to keep everyone out of Citrix servers apart from themselves
- Albany Airport Pays Off Sodinokibi Ransomware Gang: Report
- Aaia - AWS Identity And Access Management Visualizer And Anomaly Finder
- Bluewall - A Firewall Framework Designed For Offensive And Defensive Cyber Professionals
- Lsassy - Extract Credentials From Lsass Remotely
- Andriller - Software Utility With A Collection Of Forensic Tools For Smartphones
- LAVA - Large-scale Automated Vulnerability Addition
- CHAPS - Configuration Hardening Assessment PowerShell Script
- Karonte - A Static Analysis Tool To Detect Multi-Binary Vulnerabilities In Embedded Firmware
- Karonte
- TuxResponse - Linux Incident Response
- RFCpwn - An Enumeration And Exploitation Toolkit Using RFC Calls To SAP
- Multiscanner - Modular File Scanning/Analysis Framework
- Tishna - Complete Automated Pentest Framework For Servers, Application Layer To Web Security
- Accomplishing SOC 2 Type II in the Cloud-Native Kubernetes Era
- 11 cyber security predictions for 2020 - IT Governance UK Blog
- 1. Cyber criminals will take advantage of incorrectly patched machines for known vulnerabilities.
2. Attacks involving the IoT will continue.
3. Critical infrastructure and home technology will be targeted.
4. Ransomware will continue to increase.
5. Open banking will be targeted.
6. Deep fake technology will be used in social engineering attacks.
7. Business email compromise attacks will increase.
8. Payment card thefts will rise.
9. Cyber criminals will continue to use blockchain technology for transactions.
10. Low-level attacks aren’t going anywhere.
11. Weak passwords will continue to be exploited as attackers monetise credentials.
- The Importance of Setting Patching Priorities
- Mark Johnson
- Introduction to OSINT Video – We are OSINTCurio.us
- New Standards Set to Reshape Future of Email Security
- DMARC 2.0
BIMI
AMP for Email
Schema.org for Email
STARTTLS and MTA-STS
- What Tools Will Find Misconfigurations in My AWS S3 ...
- S3-inspector
S3Scanner
Bucket Finder
- BBP: My Path to the CISO Chair - The Ethical Hacker Network
- How to Break into Router Gateways with Patator « Null Byte :: WonderHowTo
- How to Automate Brute-Force Attacks for Nmap Scans « Null Byte :: WonderHowTo
- How to Hack Apache Tomcat via Malicious WAR File Upload « Null Byte :: WonderHowTo
- Xaxxon OpenLidar Install – JerryGamblin.com
- Zero Day Initiative — Reliably Finding and Exploiting ICS/SCADA Bugs
- What Does Being Data-Centric Actually Look Like?
- 1. Re-Think Your Organizational Structure
2. Empowering the Right People
3. Process Not Event
4. Security and Responsibility
- Pentesting with a Raspberry Pi! - The Ethical Hacker Network
- Tshark: 7 Tips on Wireshark’s Command-Line Packet Capture Tool - The Ethical Hacker Network
- Ten Questions—And Answers—About the California Consumer Privacy Act | Electronic Frontier Foundation
- Forensic Investigation of Social Networking Evidence using IEF
- SECURITY ALERT: Microsoft releases critical security updates to fix major vulnerabilities
- Pwning your (web)server and network the easy way - or why exposing ~/.ssh/ is a bad idea | Sebastian Neef - 0day.work
- Even The Greatest Jeopardy Contestants of All Time Struggle with Cybersecurity | Pivot Point Security
- 200 Points = This type of hacker referred to by a colorful bit of headwear helpfully tests computer systems for vulnerability. What is, White Hat
400 Points = A website with a site certificate is one that uses encryption; this letter after http is one sign of it. What is, S
600 Points = Companies consider cybersecurity when instructing employees with a policy on BYOD, short for this. What is, Bring Your Own Device
800 Points = A ransomware attack that encrypted 3,800 city of Atlanta computers demanded 6 of these digital items to unfreeze them. What is, Bitcoins
1000 Points = Beware of these types of programs that track every stroke you make while typing in an effort to glean your password. What is, Keylogging
- 2020: The Vulnerability Fujiwhara Effect – Oracle and Microsoft Collide – RBS
- January 14th, 2020
April 14th, 2020
July 14th, 2020
Confirmed
Microsoft
Oracle
Adobe
SAP
Siemens
Schneider Electric
Potential
Google
Apple
Mozilla
Intel
Cisco
F5
Juniper
- Accenture to Buy Symantec's Cyber Security Services
- 5 Tips on How to Build a Strong Security Metrics ...
- Tip 1: Know your audience.
Tip 2: Aggregate:Group,Area,Key risk.
Tip 3: Map to controls.
Tip 4: Designate acceptable values and objective ranges.
Tip 5: Measure and report regularly.
- 7 Free Tools for Better Visibility Into Your Network
- Zabbix
Spiceworks
Nagios Core
Cacti
Zenmap/Nmap
Wireshark
- These Open Source Habits Could Make Your Career
- The 15 Things To Know Before Using Kali Linux in 2020
- Active Directory Needs an Update: Here's Why
- How to Keep Security on Life Support After Software ...
- Buy Extended Support
Isolate It From the Network
Limit User Access
Watch for 'Out-of-Band' Fixes
- 6 Unique InfoSec Metrics CISOs Should Track in 2020
- Security Team Proficiency
Security Team Satisfaction
Support of the Business Mission
Perceived Privileged Users Versus Actual Privileged Users
Potential Cost of Security Incident
Return on Investment
Focus areas include data showing our Cyber Insurance levels, external internet risk scores, the executive summary of our annual third-party risk assessment, with agreed-upon mitigation/remediation activity, and our security program coverage map broken out by CSF categories of: Identify or (Visibility), Protection, Detection, Response and Recover.
- 7 Ways to Get the Most Out of a Penetration Test ...
- Develop targeted goals for the engagement.
Ask for a report that's geared for the business team.
Have the pen tester tell you what you're doing right.
Solicit input from the developers.
Set up an annual pen test - at the least.
Ask for detailed reports for the tech staff.
Get the pen testers to go beyond the obvious.
- ADP Users Hit with Phishing Scam Ahead of Tax Season
- Containers, networks, security, and more Ansible news | Opensource.com
- Dbvisit 9: Adding datafiles and or tempfiles - Blog dbi services
- What’s new with Oracle database 18.8 versus 18.9 | Frits Hoogland Weblog
- What’s new with Oracle database 19.6 versus 19.5 | Frits Hoogland Weblog
- What is mitmproxy? A tool to inspect TLS-encrypted traffic | CSO Online
- 2020 outlook for cybersecurity legislation | CSO Online
- 3 ways to make your Windows network harder to attack | CSO Online
- Vulnerability management requires good people and patching skills | CSO Online
- 8 Cybersecurity Risks in Android’s VoIP Components
- Celebrating 20 years of enterprise Java
- File carving tools – Linux Hint
- Email Header Analysis – Linux Hint
- What is Kanban and How to use Kanban in Linux - Real Linux User
- https://my-personal-kanban.appspot.com/
- The Difference Between Business Intelligence, Reporting, Metrics, and Analytics | Daniel Miessler
- Microsoft Announces An Open-Source, Free Source Code Analyzer Tool
- FSM - Hacker stole over 10,000 hospital files
- OpenStack Security and Compliance for Telco - YouTube
- Solaar | Application for Logitech Unifying Receivers and Devices on openSUSE – CubicleNate's Techpad
- Solaar
- Quick Dive into Selenium with python | Codementor
- "Microservices require a high-level vision to shape the direction of the system in the long term," says Jaime Buelta | Packt Hub
- Turns Out Oracle Copied Amazon's S3 APIs; When Confronted, Pretends That's Different (Spoiler Alert: It's Not) | Techdirt
- What is Azure Active Directory? – Active Directory Security
- HCL Domino V11 – Directory Synchronzation – Part 3 | eknori.de
- HCL Domino V11 – Directory Synchronzation – Part 2 | eknori.de
- HCL Domino V11 – Directory Synchronzation – Part 1 | eknori.de
- Big Microsoft day: EOL for Win7, Win2008 and crypt32.dll | Alexander V. Leonov
- Bill Sempf | Application Security This Week for January 19
- Bill Sempf | Application Security This Week for January 12
- Sodinokibi Ransomware Publishes Stolen Data For Unpaid Ransom Demands
- My 5 favorite Linux sysadmin tools | Enable Sysadmin
- 20 years of FAI and a new release
- Live Forensics Tools – Linux Hint
- Announcing Oracle Linux 7 Update 8 Beta Release | Oracle Linux Blog
- Thirteen Useful Tools for Working with Text on the Command Line - Make Tech Easier
- Ghosn's Japan lawyer: Questioning averaged 7 hours a day - Japan Today
- 6 requirements of cloud-native software | Opensource.com
- Runtimes: They are more likely to be written in the container-first or/and Kubernetes-native language, which means runtimes such as Java, Node.js, Go, Python, and Ruby.
Security: When deploying and maintaining applications in a multi-cloud or hybrid cloud application environment, security is of utmost importance and should be part of the environment.
Observability: Use tools such as Prometheus, Grafana, and Kiali that can enhance observability by providing realtime metrics and more information about how applications are being used and behave in the cloud.
Efficiency: Focus on a tiny memory footprint, small artifact size, and fast boot time to make applications portable across hybrid/multi-cloud platforms.
Interoperability: Integrate cloud-native apps with open source technologies that enable you to meet the requirements listed above, including Infinispan, MicroProfile, Hibernate, Kafka, Jaeger, Prometheus, and more, for building standard runtime architectures.
DevOps/DevSecOps: These methodologies are designed for continuous deployment to production, in-line with the minimum viable product (MVP) and with security as part of the tooling.
- 11 top open-source API testing tools: What your team needs to know | TechBeacon
- The year of encryption is upon us
- Configuring HDD to spin down in Linux via SMART - Lukáš Zapletal
- cat >/etc/udev/rules.d/69-hdparm.rules <<EOF
ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="1", RUN+="/usr/sbin/smartctl --set apm,128 --set lookahead,on --set wcache,on --set standby,241 /dev/%k"
EOF
- How to setup multiple monitors in sway - Fedora Magazine
- Encryption: An Essential Yet Highly Controversial Component of Digital Security Features
- How to Get Total Inodes of Root Partition
- sudo du --inode /
- Make Debian a Wireless Access Point
- How to Detect and Clean Up Hard Disk Storage with QDirStat in Linux - Make Tech Easier
- QDirStat
- How to Change/Spoof a MAC Address in Debian 10
- Decyphering the OSI model of networking: 7 layers of bean dip | Enable Sysadmin
- Physical
Data
Network
Transport
Session
Presentation
Application
- Odoo Raises $90M To Advance Open Source ERP - Enterprise Apps Today
- 4 lessons for sysadmins from The Unicorn Project | Enable Sysadmin
- Repeatability and consistency
Creating a culture of learning
Avoiding the lone wolf sysadmin
Working harder not smarter with automation
- 2020-01: SSL Web Certificates | KWLUG - Kitchener-Waterloo Linux User Group
- 2020-01: SSL Web Certificates, Dhall | KWLUG - Kitchener-Waterloo Linux User Group
- 7 questions sysadmins should ask a potential employer before taking a job | Enable Sysadmin
- How many sysadmins will work alongside me for day-to-day operations?
What’s the ratio of devices, users, and customers to sysadmins?
How are the systems managed currently for patching, enterprise mobility, SIEM, and ITAM?
What is considered an average downtime?
What are the data backup procedures and the formats, and how
often are backups tested?
What is the purchasing procedure for hardware and software?
Is there an existing plan for recycling hardware and how often is it done?
- FFmpeg: How To Crop Videos, With Examples - Linux Uprising Blog
- How to monitor file integrity on Linux using Osquery - LinuxConfig.org
- SSHFS: Mounting a remote file system over SSH | Enable Sysadmin
- conrad - conferences and meetups on your terminal - LinuxLinks
- Bash-it - Bash Framework to Control Your Scripts and Aliases
- How to use the screen command on Linux to keep your remote task running when the connection drops
- A Brief History of Open Source Software, Part 3: The FOSS Environment Today | ConsortiumInfo.org
- Falco is the First Runtime Security Project to Join the CNCF Incubator
- Red Hat DevSecOps Strategy Centers on Quay - Container Journal
- Quay
- IBM Research open-sources SysFlow to tackle cloud threats - SiliconANGLE
- SysFlow
- Beware of security debt in your software | ITWeb
- Council Post: Three Ways To Bridge The Cybersecurity Talent Gap
- 1. Create A Compelling Environment
An employee will stay as long as they can at a job they truly care about, even if the pay isn’t ideal.
2. Connect With Open Source
There are so many profound benefits to utilizing open source software, but one of the most significant is connecting to a community that cares about their work, especially when employed talent is more difficult to come by.
3. Specialize Your Benefits
If you can free them from that commute by offering remote work options, you’ve given them four hours a day that they can rest, be more productive, be with their family, and generally raise their quality of life.
If you’re a startup with less to offer in the way of salaries, can you offer more stock options? This gives your team ownership in what they’re working on. That opportunity for growth can often be even more appealing than a higher income.
What kind of PTO can you offer, while still keeping productivity competitive? Can you offer four-day workweeks?
- Reachy open source robot - Geeky Gadgets
- Home - Rhasspy
- Remembering Brad Childs - Kubernetes
- TikTok Riddled With Security Flaws | Threatpost
- New SHA-1 Attack - Schneier on Security
- Best Linux Distributions for DevOps - LinuxTechLab
- scandir-rs
- 5 questions to ask before choosing a public cloud provider
- As businesses iron out their cloud strategies—and consider when and where to use a public cloud – here are some of the key questions to ask.
1. What makes up the cloud infrastructure stack?
Be sure to ask potential service providers what comprises the infrastructure software that they use. For example, do the provider’s operating systems have the proven reliability, security, and performance of the operating systems you run in your data centers?
2. Will my IT staff need any new training?
Are there notable differences in the operating system (OS), middleware, or container orchestration technologies offered from the cloud provider that will require retraining of your IT staff?
3. Who is in your partner ecosystem?
This may be one of the most important questions to ask, especially since the answer is intertwined with questions one and two above. If a potential cloud provider is already partnering with vendors you use in-house, there may be an opportunity for a fair amount of consistency between their infrastructure and yours. To that end, Red Hat has hundreds of certified cloud and service providers in its partner ecosystem, along with Red Hat OpenShift, a comprehensive container application platform built on Kubernetes that lets users run apps in any environment on any cloud, and Red Hat Enterprise Linux, the most deployed commercial Linux distribution for public clouds.
4. Does your provider offer the services you need?
Cloud providers have a menu of services that may include Kubernetes, serverless computing, databases, artificial intelligence, machine learning, etc., but the choices only matter if they offer the services you need. Be sure to ask for details about all their services, and map those to your current and near-term plans. And don’t forget to ask about their roadmap to see if it dovetails with yours.
5. What security do you have in place?
Ask the provider for a full review of all the security plans, systems, and certifications they have. For example, how do they secure the hardware, and how do they encrypt data, both in transit and at rest? Also, find out if they offer any monitoring functions, and what their policies are regarding security breaches.
- AWS announces AutoGluon, an open-source library for writing AI models - SiliconANGLE
- OpenWrt Project: Backup and restore
- How to power a music server with Armbian | Opensource.com
- How I upgraded my CuBox open source music server | Opensource.com
- Infrastructure-as-Code mistakes and how to avoid them | Ubuntu
- Are you being the right person for DevOps? | Opensource.com
- 5 ops hacks for sysadmins | Opensource.com
- The Marriage of Data Exfiltration and Ransomware
- Erman Arslan's Oracle Blog: Hyperion / EPM -- Enabling TLS 1.2 and LDAPS in Hyperion/EPM 11.1.2.4
- Utilitarian Nightmare: Offensive Security Tools — Adam Caudill
- AWS Solutions Architect Associate Exam - How I passed! - mwpreston.net
- Automating SQL and PL/SQL Deployments using Liquibase | The ORACLE-BASE Blog
- Open Security Courses — Open Reference Architecture for Security and Privacy 20202-Q1 documentation
- Checks Performed | YAWAST …where a pentest starts
- YAWAST: News & Mission — Adam Caudill
- How to Set Goals and Resolutions You'll Actually Keep
- Selling Your Business? Read This First – Running Your Business
- How To Speak by Patrick Winston - YouTube
- A Memorial to Patrick H. Winston
- GreenPiThumb: A Raspberry Pi Gardening Bot · mtlynch.io
- Threats and Solutions for Supply Chain Attacks in IT - DeepSec conference sheds light on the concatenated logistics of information technology. •
- Protect your data with Encrypted Data Pump Jobs – ThatJeffSmith
- How to Do Code Reviews Like a Human (Part One) · mtlynch.io
- FOCA - Tool To Find Metadata And Hidden Information In The Documents
- Eaphammer v1.9.0 - Targeted Evil Twin Attacks Against WPA2-Enterprise Networks
- Traxss - Automated XSS Vulnerability Scanner
- ScoutSuite - Multi-Cloud Security Auditing Tool
- Kirjuri - Web Application For Managing Cases And Physical Forensic Evidence Items
- Snare - Super Next Generation Advanced Reactive honEypot
- ATTACKdatamap - A Datasource Assessment On An Event Level To Show Potential Coverage Or The MITRE ATT&CK Framework
- AutoSploit v4.0 - Automated Mass Exploiter
- ThreatIngestor - Extract And Aggregate Threat Intelligence
- Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI
- Sparrow-Wifi - Next-Gen GUI-based WiFi And Bluetooth Analyzer For Linux
- DFIRtriage - Digital Forensic Acquisition Tool For Windows Based Incident Response
- Adaudit - Powershell Script To Do Domain Auditing Automation
- DetectionLab - Vagrant And Packer Scripts To Build A Lab Environment Complete With Security Tooling And Logging Best Practices
- WinPwn - Automation For Internal Windows Penetrationtest / AD-Security
- Antispy - A Free But Powerful Anti Virus And Rootkits Toolkit
- Flan - A Pretty Sweet Vulnerability Scanner By CloudFlare
- Nessus Map - Parse .Nessus File(S) And Shows Output In Interactive UI
- Genact - A Nonsense Activity Generator
- Dsiem - Security Event Correlation Engine For ELK Stack
- nodeCrypto v2.0 - Ransomware Written In NodeJs
- ReconCobra - Complete Automated Pentest Framework For Information Gathering
- huskyCI - Performing Security Tests Inside Your CI
- XSpear v1.3 - Powerfull XSS Scanning And Parameter Analysis Tool
- Open-Source Software in Federal Procurements: The Good, the Bad, and the Ugly, Part 1 – The Good | PilieroMazza PLLC - JDSupra
- AWS Report - Tool For Analyzing Amazon Resources
- USENIX Enigma 2019 - Stethoscope: Securely Configuring Devices without Systems Management - YouTube
- USENIX Enigma 2019 - How to Predict Which Vulnerabilities Will Be Exploited - YouTube
- How Do Cyber Insurers View The World? - YouTube
- Healthcare Cyber Threats That Should Keep You up at Night | Webroot
- GDPArrrrr: Using Privacy Laws to Steal Identities - YouTube
- Are Computer Architects to Blame for the State of Security Today? | SIGARCH
- 2 19 Welcome to the Jumble Improving RDP Tooling for Malware Analysis and Pentesting milio Gonzalez - YouTube
- Infosecurity.US - https://infosecurity.us - XKCD, Software Updates
- Codebook - November 14, 2019 - Axios
- The Death of Gary Kildall Remains a Mystery to This Date | Techrights
- Java mon amour: Lasse Koskela, Effective Unit Testing
- Windows Performance Monitoring Templates [Tutorial]
- How to Build an Azure Pipeline (Build/Release) from Scratch
- "Leading to Learning," Part 1: Here's Where We Are – Don Jones®
- Manning | Effective Unit Testing
- The Netflix Secret Codes Cheat Sheet
- Wood for pantry shelves - The Silicon Underground
- DIY cloud weather station with ESP32/ESP8266 (MySQL database and PHP) – Dangerous Prototypes
- Multiple ways to Capture Memory for Analysis
- Windows for Pentester: Certutil
- Docker Installation & Configuration
- Apache Tomcat Penetration Testing Lab Setup
- Why the Healthcare Sector Is So Vulnerable to Cybercrime
- DevSecOps: Overcoming Resistance - HealthcareInfoSecurity
- HHS Updates Security Risk Assessment Tool - HealthcareInfoSecurity
- Medical Device Cybersecurity: A Team Approach
- List of data breaches and cyber attacks in December 2019 – 627 million records breached - IT Governance UK Blog
- Police Procedural: How South Carolina Arrest Records Were Exposed
- This Year in Ransomware Payouts (2019 Edition)
- Software Patching Statistics for 2019: Common Practices and Vulnerabilities
- What is the Zero Trust Model?
- APT review: what the world’s threat actors got up to in 2019 | Securelist
- Corporate security prediction 2020 | Securelist
- IoT: a malware story | Securelist
- Cybersecurity of connected healthcare 2020: Overview and predictions | Securelist
- 1&1 Telecom GmbH hit by almost €10 million GDPR fine over poor security at call centre – HOTforSecurity
- S3Tk - A Security Toolkit For Amazon S3
- WindowsFirewallRuleset - Windows Firewall Ruleset Powershell Scripts
- Windows for Pentester: BITSAdmin
- Iranian threat groups - Koen Van Impe - vanimpe.eu
- How Regular Cyber Security Assessments and Audits Help Your Organization - Delta Risk
- How to Design a Break Glass Process in Privileged Account Management (PAM) Systems | Security Architects Partners
- State saves millions with open source EHR | Opensource.com
- Portales hospital reports security breach | KVII
- Security contributions to OpenWrt: dm-verity and SELinux - Bootlin's blog
- A Brief History of Open Source Software, Part 2: OSS Licenses and Legalities | ConsortiumInfo.org
- How the Ransomware Economy Has Grown
- How to Read a File in Python, Write to, and Append, to a File
- How I once saved half a million dollars with a single character code change | Pitest
- UL Pushes Security Standards For The Internet Of Broken Things | Techdirt
- Linux in the Kitchen | Life Enhancement Blathering – CubicleNate's Techpad
- lnsnmp.exe -Sc fails on Domino V11 GA | eknori.de
- Bringing Security Testing to Development - owasp-appseceu2015-brucker.pdf
- Bringing Security into the Development Process
- What is SecDevOps and why should you care? - Sqreen Blog
- E-Learning Simulations: Are Yours Engaging Enough? – Business Ideas
- My 2020 Higher Education Finance Reading List – Robert Kelchen
- 9 Ansible guides to help you ease into automation | Enable Sysadmin
- Handle PowerShell Errors Like a Boss With These Tips
- Writing Ansible Playbook · GeekSocket
- Lawmakers close to finalizing federal strategy to defend against cyberattacks | TheHill
- 47 #LinkedIn Improvement Tips for 2020 | DennisKennedy.Blog
- WebLogic Server - Automatic/Silent setup of a SAML2 SSO - Blog dbi services
- WebLogic Server - Automatic/Silent creation of an LDAP Authentication Provider - Blog dbi services
- Google's AI can detect breast cancer more accurately than experts | Engadget
- 2020: Trends and predictions for technology and IT – Marksei
- A Brief History of Open Source Software | ConsortiumInfo.org
- sysadvent: Day 9 - In Defense Of The Modern Day JVM (Java Virtual Machine)
- Basically, when I said the word “JVM,” they heard, “Here's my JAR file. Good luck, chumps. Kbye.”
- sysadvent: Day 5 - Break up your Terraform project before it breaks you
- sysadvent: Day 4 - Successful projects without all the pain
- Raspberry Pi 3 baby monitor | Hackspace magazine #26 - Raspberry Pi
- GitHub - marin-m/vmlinux-to-elf: A tool to recover a fully analyzable .ELF from a raw kernel, through extracting the kernel symbol table (kallsyms)
- How to Use LinkedIn Skill Assessments to Stand Out
- What's the Difference Between DDR2, DDR3, and DDR4 RAM?
- 5 Money-Saving Guides & Apps to be Financially Independent and Retire Early
- Turn Your Raspberry Pi Into a Media Server With Emby
- How to Back Up Your Android Device Properly
- Released: SQL Assessment API (GA) - Microsoft Tech Community - 989677
- New features in SQL Server 2019 Standard Edition
- Optimize OLTP Performance with SQL Server on Azure VM - Microsoft Tech Community - 916794
- Network Booting The Pi 4 | Hackaday
- Pack Your Bags – Systemd Is Taking You To A New Home | Hackaday
- Hacking Diabetes Hack Chat | Hackaday
- Lego Rack Server | Total Geekdom
- Ikea - Trammell Hudson's Projects
- DSHR's Blog: Web Packaging for Web Archiving
- 34", $100, 20 lb Triple Weed Whacker Lawnmower | Hackaday.io
- Home - PiSDR Project
- VGA Signal In A Browser Window, Thanks To Reverse Engineering | Hackaday
- GitHub - IoTGuruLive/dust_box: Dust sensor box
- Advancing The State Of Cyberdeck Technology | Hackaday
- The Cyberdeck Mark 2: the dream of the '80s is alive. - Album on Imgur
- Announcing Performance Optimized Storage Configuration for SQL Server on Azure VMs with SQL VM RP - Microsoft Tech Community - 891583
- TOP 5 Benefits of Azure Dedicated Hosts (Preview) for SQL Server Workloads on Azure VMs - Microsoft Tech Community - 817951
- Using Query Store with least privileges instead of db_owner to achieve Separation of Duties - Microsoft Tech Community - 793117
- Linux Find Out Maximum RAM Supported By Server / BIOS - nixCraft
- # dmidecode |grep -i "Maximum Capacity:" | uniq
- Zero Day Initiative — Patch Analysis: Examining a Missing Dot-Dot in Oracle WebLogic
- U.S. GAO - Cloud Computing Security: Agencies Increased Their Use of the Federal Authorization Program, but Improved Oversight and Implementation Are Needed
- Enumerating remote access policies through GPO
- faasd - lightweight Serverless for your Raspberry Pi
- sysadvent: Day 23 - Becoming a Database Administrator
- sysadvent: Day 21 - Being kind to 3am you
- sysadvent: Day 20 - Importing and manipulating your Terraform configuration
- sysadvent: Day 19 - SRE Practice: Error Budgets
- Building and Maintaining a Sustainable Team - The Automation Blog
- How to use Microsoft Compliance Score to improve data protection | CSO Online
- 6 top OSINT tools: Find sensitive public info before hackers do | CSO Online
- Three strategies to prove security's value | CSO Online
- The Difference Between System V and SystemD | Daniel Miessler
- My Collection of Statistics About Americans | Daniel Miessler
- 6 CISO New Year's Resolutions for 2020
- Former White House CIO Shares Enduring Security ...
- How Medical Device Vendors Hold Healthcare Security ...
- 4 Security Lessons Federal IT Pros Can Teach the ...
- Lesson 1: Focus on the Fundamentals
Lesson 2: Know Your Weaknesses
Lesson 3: Create a Culture Around Security
Lesson 4: Take Advantage of Security Resources
- California's IoT Security Law Causing Confusion
- 5 Common Cloud Configuration Mistakes
- Cybercriminal's Black Market Pricing Guide
- Cyber Security Month Wrap-Up | /dev/random
- Information Security Policy Documentation: Simple is Better | Pivot Point Security
- Two-Factor Authentication and the New OWASP ASVS 4.0 | Pivot Point Security
- 6 Ways to Hack a Raspberry Pi via the Boot Partition
- sysadvent: Day 25 - The “Just” Basics
- The Windows Run Commands Cheat Sheet
- Security assessment techniques for Go projects | Trail of Bits Blog
- 11 Useful Tools to Check, Clean, and Optimize CSS Files
- How Do Forensic Analysts Get Deleted Data From Your Phone?
- Breaking Down Healthcare’s “Wall of Shame” – RBS
- Top Reasons to Stop Using Public Wi-Fi | Security Gladiators
- Evolving Threat Series: Towards a concept of Security Specification for Software Supply Chain
- Introduction to the CIS Critical Security Controls (AmherstSec Meetup December 2019) – The Personal Blog of Sean Goodwin
- Google Dorks – We are OSINTCurio.us
- Windows Incident Response: LNK Toolmarks
- APEX Authentication with a Smart Card – Part 3 (Application) | Late Night Oracle Blog
- Elasticsearch: How We’re Using it to Improve Security - Delta Risk
- How to Determine if SOCaaS is Right for Your Organization
- Secure Debian with ClamAV Antivirus
- Using PowerShell to View and Change BIOS Settings | Windows OS Hub
- Zero Day Initiative — The December 2019 Security Update Review
- Windows Incident Response: Artifact Clusters
- Windows Incident Response: ActivitesCache.db vs NTUSER.DAT
- 2019 end-of-year review part 2: July to December - IT Governance UK Blog
- Product
- Fine against hospital due to data protection deficits in patient management | European Data Protection Board
- Ad Industry Unveils Wish List For Privacy Legislation 12/04/2019
- White Paper – Negotiating with Service Providers and Third Parties under CCPA
- October 2019 Healthcare Data Breach Report
- Unpacking the FTC's comments on NIST's draft Privacy Framework
- Privacy 2030: A New Vision for Europe
- Survey: Data breaches to cost health care industry $4B
- A Black Book Market Research LLC survey found health care providers are the most targeted organizations for data breaches, which will cost the industry $4 billion by the end of 2019
- Does transfer have to be occasional if it is necessary for the performance of a contract?
- IAPP infographic: Avoiding the pitfalls of CCPA noncompliance
- CISO Tools to Build (or Tweak) a Cybersecurity Roadmap, Create Business Case and Request FundingRafeeq Rehman – Personal Blog
- (17) Model Monday - BOLD | LinkedIn
- Model Monday - 9 Stage Business Case | LinkedIn
- Making Sense Out of NPM Audit
- How SMEs can improve their data protection practices - IT Governance
- 1. Secure wireless networks
2. Keep software updated
3. Control access
4. Back up data
5. Train staff
- ISO 27701 unlocks the path to GDPR compliance and better data privacy - IT Governance UK Blog
- A 3-3-4-5 Model for CISO StrategyRafeeq Rehman – Personal Blog
- A Threat Modeling Process to Improve Resiliency of Cybersecurity ProgramRafeeq Rehman – Personal Blog
- Hacker Holiday Gift Guide (HHGG) 2019 · System Overlord
- Wireless Pentesting Part 2 – Building a WiFi Hacking Rig - The Ethical Hacker Network
- Wireless Pentesting Part 1 – An Overview - The Ethical Hacker Network
- Shadow IT: Cultivating the Garden | Security Architects Partners
- How to Randomize your Software Testing Thought Process - EvilTester.com
- Six Reasons for Organizations to Take Control of Their Orphaned Encryption Keys
- The Ten Security Stories That Shaped The Decade – JerryGamblin.com
- The Books I loved in 2019 – JerryGamblin.com
- Why GDPR compliance requires a software solution - IT Governance UK Blog
- 7 mistakes that ISO 27001 auditors make - IT Governance UK Blog
- What is the ISO 27000 series of standards? - IT Governance UK Blog
- 5 things HR departments need to know about data protection - IT Governance UK Blog
- The 5 biggest ransomware pay-outs of all time - IT Governance UK Blog
- #CQLabs 4 – from Unquoted Service Path to Privilege Escalation | CQURE Academy
- The most 7 inexcusable mistakes | CQURE Academy
- Old Skool Red Team – DiabloHorn
- Collecting and Crafting User Information from LinkedIn - Black Hills Information Security
- Rainy Day Windows Command Research Results - Black Hills Information Security
- #CQLabs – DSInternals PowerShell Module by Michael Grafnetter | CQURE Academy
- ShellBags & Windows 10 Feature Updates - Digital Forensics Stream
- Healthcare Exchange Standards: Nationwide Health Information Exchange on #FHIR
- 2019 end-of-year review part 1: January to June - IT Governance UK Blog
- Presenting Cybersecurity to the Board ~ Cyber Thoughts
- Cyber Risk Insurance Won't Save Your Reputation ~ Cyber Thoughts
- The impact of AI & HIoT related threats and recommended approaches ~ Cyber Thoughts
- A Healthcare Security Mismatch ~ Cyber Thoughts
- Migrating from VMs to Docker | Calvin Bui
- GitHub - trustedsec/physical-docs: This is a collection of legal wording and documentation used for physical security assessments. The goal is to hopefully allow this as a template for other companies to use and to protect themselves when conducting physical security assessments.
- Vulnerability Management Product Comparisons (October 2019) | Alexander V. Leonov
- Azure Active Directory's Configurable Token Lifetimes | Alexander's Blog
- Working with Office 365 Trial Subscriptions | Alexander's Blog
- Comparison of Microsoft Identity Services: AD DS, Azure AD, & Azure AD DS | Alexander's Blog
- Basic automation for WISPs and small to medium ISPs
- Test coverage of Python packages in Cisco NSO
- Run the Antidote network emulator on KVM for better performance | Open-Source Routing and Network Simulation
- Stretched Layer-2 Subnets in Azure « ipSpace.net blog
- Coders in the Hands of a Missing God: How Newly Minted Freelancers Badly Miss the Point - DaedTech
- The Lesson to Unlearn
- File systems unfit as distributed storage backends: lessons from ten years of Ceph evolution – the morning paper
- Reduce The Risk Of Ransomware By 90%, For Free, In One Day<br/>
- Ansible vs. Nornir: Speed Challenge
- Can We Build Trustable Hardware? « bunnie's blog
- Cloud-init - Part 5 - Running Containers - LucD notes
- Cloud-init - Part 4 - Running Scripts - LucD notes
- Cloud-init - Part 3 - Photon OS - LucD notes
- Cloud-init - Part 2 - Advanced Ubuntu - LucD notes
- Cloud-init - Part 1 - The Basics - LucD notes
- At Your Fingertips - LucD notes
- Why patching can make your Kenna score go up instead of down - The Silicon Underground
- How does Nessus detect vulnerabilities? - The Silicon Underground
- 5 Pivotal Events in IoT and Embedded | EE Times
- ‘Thousands Of Tools Have Come & Gone, But Ansible & Bash Have Stood The Test Of Time’
- Ransomware Attackers May Lurk for Months, FBI Warns
- How The Four Laws of Ecology Help You Solve Problems
- Three Filters Needed to Think Through Problems
- How do I Get My Team Inspired to Learn? – Don Jones®
- The 3 Final Pillars of the Cognitive Risk Framework Understanding the Elements of the CRF for Cybersecurity and ERM | TheGRCBlueBook
- Be the Master – Don Jones®
- Cognitive Governance: The First Pillar of a Cognitive Risk Framework | Corporate Compliance Insights
- UPS battery lifetime | Nelson's log
- A Cognitive Risk Framework for the 4th Industrial Revolution | TheGRCBlueBook
- The Five Pillars of a Cognitive Risk Framework include:
I. Cognitive Governance
II. Intentional Design
III. Risk Intelligence & Active Defense
IV. Cognitive Security/Human Elements
V. Decision Support (situational awareness)
- vCloudNotes : Information Sharing: AmazonS3Exception: Access Denied errors and potential causes
- CBIA Employment Law Conference: AI for HR Panel Recap | Tallan Blog
- Ransomware infects Maastricht University | Born's Tech and Windows World
- Questions4SteveB - my Home Page
- Creating a PowerShell Backup System - Part 4 • The Lonely Administrator
- Creating a PowerShell Backup System - Part 3 • The Lonely Administrator
- Valid reasons for running unauthenticated vulnerability scans - The Silicon Underground
- grocy - ERP beyond your fridge
- Disclosing vulnerabilities improves security for everyone
- GitHub - cameyo/rdpmon: Server-side RDP Monitoring Tool
- RDP Port Shield - Cameyo
- Healthcare industry needs treatment to improve data security
- The Importance of Planning in Project Management – Productivity
- The challenges of data analytics in healthcare
- Internet Archive: Offline Archive
- Chris's Wiki :: blog/linux/WorkMachinePartitioning2019
- How to Learn Microsoft Azure in 2020 - Thomas Maurer
- JBoss EAP 7 - Domain Architecture Understanding - Blog dbi services
- JBoss EAP 7 - Modules, Extensions, Subsystems, and Profiles - Blog dbi services
- JBoss EAP 7 – Domain creation - Blog dbi services
- Erman Arslan's Oracle Blog: ZDLRA -- Zero Data Loss Recovery Appliance "Fast. Integrated. Zero Data Loss" Engineered for Data Protection !
- ZDLRA
- Privacy legislation and the impact of GDPR and CCPA [Q&A]
- Only 12 percent of companies are ready for new privacy regulations
- Cyber incident ripple effects lead to increased losses
- Cybercriminals step up attacks on the healthcare sector
- Microsoft will honor Californian privacy laws across the entire US
- Ransomware sees a revival in 2019's worst cybersecurity threats
- Using a high screen resolution on Raspberry Pi 4 can kill Wi-Fi
- Wait for Java | Oracle Scratchpad
- Extended Support for Oracle Database 12.1.0.2 extended
- FinServ Data Privacy Maturity Study
- Internet Security Report - Q3 2019 | WatchGuard Technologies
- Installing Microsoft SQL Server 2019 on Linux, Part II
- Tools and commands for running SQL Server 2019 on Linux - SQL Server Blog
- Tools To Monitor and Work with Oracle on Azure
- Get Started with Windows Update for Business (WUfB) – Stick To The Script
- PowerShell Remote Alerts for Firewall | MSP360 Blog
- Signing Docker images using Docker Content Trust | Marco Franssen
- Sysadmin Stories: Check ESXi MTU settings with PowerCLI
- How to install the daloRADIUS web-based interface for FreeRADIUS - TechRepublic
- Implementing corporate laptop encryption using LUKS
- Red Hat expands coverage of CVE fixes
- Monitoring Bandwidth On Linux: Top 5 Tools in 2019
- Configuring Ansible | Enable Sysadmin
- Python CSV: Read and Write CSV files
- Overview of ycrash – finding the source of your problem - JAXenter
- iTWire - Windows ransomware is a nice little earner for Microsoft
- How to configure a VLAN in Linux | Enable Sysadmin
- How To Install Apache Tomcat 9 on Debian 10
- Security-Oriented Container Linux Gets Patched Against Latest Intel CPU Flaws
- 4K Monitors – etbe – Russell Coker
- r
- SaltStack adds automatic vulnerability remediation tool to portfolio • DEVCLASS
- Ransomware Bites 400 Veterinary Hospitals — Krebs on Security
- Using a YubiKey as a second factor for LUKS · InfoSec Handbook – information security blog
- Using a Raspberry Pi Zero to automate Fedora installation - blog'o'less
- The 10 Hottest Kubernetes Tools And Technologies Of 2019
- Composite USB Gadgets on the Raspberry Pi Zero | iSticktoit.net
- Dozens of VNC Vulnerabilities Found in Linux, Windows Solutions
- 110 Nursing Homes Cut Off from Health Records in Ransomware Attack — Krebs on Security
- The Early History of Usenet, Part VII: Usenet Growth and B-News
- The Early History of Usenet, Part VI: The Public Announcement
- The Early History of Usenet, Part V: Authentication and Norms
- The Early History of Usenet, Part IV: Implementation and User Experience
- The Early History of Usenet, Part III: File Format
- The Early History of Usenet, Part II: Hardware and Economics
- The Early History of Usenet, Part I: The Technological Setting
- StevenBellovin
- Like Voldemort, Ransomware Is Too Scary to Be Named — ProPublica
- Lumber Liquidators
- How Kubernetes Has Changed The Face Of Hybrid Cloud
- Salesforce's Rob Acker - open source NonProfit Success Pack for third sector organizations is "alive and well and staying"
- 5 tips for being the family holiday sysadmin | Enable Sysadmin
- Tip 1: Be nice
I know it seems obvious, but always try to assume good intentions when someone asks for technical help, even if you can’t (or don’t want to) help them. You spent all day in front of your screens. Your close friends and significant others might know to avoid asking you technical questions during your downtime. Your relatives who only see you a few times a year might not. Nobody wants to hear you yell at uncle Rick over slices of pumpkin pie because he asked you to help him set up his printer. Take a deep breath and approach the situation charitably.
Tip 2: Be honest
I spent almost all of my time in Linux, and I’ll often go months without touching another desktop OS. I recently spent more time than I care to admit trying to replace a hard drive in a Mac for someone, primarily because I didn’t know what I was doing. The Linux method of dd’ing the old drive to the new drive and then just resizing partitions wasn’t working so well, and I became pretty frustrated (it turns out that Migration Assistant was the right tool to use in the Mac world).
Many IT professionals are heavily specialized, and setting up the newest gadgets that your cousin just got for Christmas might not be in your wheelhouse. Be honest about that. I often tell people that I’ll happily take a quick look at an issue, but it’s not my area of expertise so I won’t spend too much time on it and that they’re better off having an expert look at their problem. Similarly, you should be transparent if you don’t want to work at all over the holidays. Everyone deserves a break, and a polite (but firm) explanation that you’re not on the clock is appropriate.
Tip 3: If you’d rather not work, provide actionable advice
You might not have any time (or interest) in being the family sysadmin over the holidays, and that’s perfectly reasonable. However, you can still be helpful without ever touching a keyboard. Many of the common complaints, such as "my computer is slow," have known solutions: registry cleaners for Windows, RAM or disk upgrades, and others. Providing just this basic information can be helpful even if you don’t want to be the one making the repairs or improvements. Instead of "I’m sorry, but I’d prefer not to work on anything over the holidays," try, "It sounds like your computer might need a hardware upgrade. I would recommend contacting a local PC repair company and asking them to look for these particular parts."
I also try to be a resource for when my friends and family bring their tech to others for repair. I’ve fielded several calls from relatives asking about whether they really needed a certain repair or software, or if someone was just trying to upsell them. This kind of help only takes a few minutes from my day, and I’m happy to help those who have inevitably helped me during my lifetime.
Tip 4: Give the gift of knowledge
I find that tech folks can be quick to just solve an issue without helping someone understand why the issue occurred in the first place. For some people, that’s fine. I have relatives that have no interest in digging into their issues, and would much rather ask an expert. However, others might show more initiative. I’ve had great success with simply sharing high-quality sources of information, such as vendor support numbers, official documentation, and forums known for their sound advice with my friends and relatives. When they run into an issue, they have somewhere to go before they pick up the phone to ask me a question.
Tip 5: Keep it simple
Finally, if you’re the type of person who really loves being the holiday sysadmin, remember to keep your solutions simple. Setting up a self-hosted Linux RADIUS server so that everyone has their own WiFi password for WPA Enterprise might be a fun project, but remember that someone has to maintain it once you leave. If you’re setting up tech for folks who prefer to remain non-technical, then try to keep your solutions as simple (and secure) as possible.
- Pipx: Installing, Uninstalling, & Upgrading Python Packages in Virtual Envs
- Ransomware at Colorado IT Provider Affects 100+ Dental Offices — Krebs on Security
- How to validate your security measures | Enable Sysadmin
- Russia Disconnects From Global Internet To Test Its Own Internet
- How to Use Ansible Vault in Playbooks to Protect Sensitive Data - Part 10
- Mozilla SSL Configuration Generator
- Designing security for an open-source, containerized, cloud-native world - SiliconANGLE
- Open Source Flan Scan Combines Nmap with Vulnerability Scanning | Decipher
- Himblick: Raspberry Pi as a digital signage box
- Episode 171 - Measuring cybersecurity with Kathryn Waldron
- Creating Interactive Dashboards from Jupyter Notebooks - Practical Business Python
- Comparison between LXC and LXD – Mi blog lah!
- Researchers Develop Open Source EEG Visualization Tool – News
- SATA HATs support up to four drives on Raspberry Pi 4 or Rock Pi 4
- Managing the Linux kernel at AWS: 'A large team of security experts' dealing with fallout from Spectre, Meltdown flaws • The Register
- Debian Releases Updated Intel Microcode for Coffe Lake CPUs, Fixes Regression
- TAA
- RipMe – Bulk image downloader for Linux | FOSS Linux
- The easiest way to deploy Django application | Codementor
- CVE patching alone is not making your Linux secure | Ubuntu
- Healthcare Industry: Open-Source is gaining momentum
- Linux check the physical health of a USB stick [ Flash drive ] - nixCraft
- badblocks
f3write
f3read
- OpenWiFi Open-Source Linux-compatible WiFi Stack Runs on FPGA Hardware
- Large Hospital System Hit by Ransomware Attack | SecurityWeek.Com
- Butterfly Network expands ultrasound access to Android devices
- TenFourFox Development: RIP, Chuck Peddle
- Security Awareness Training: Do It Well – Security For Your Business
- Curl vs. PowerShell: Which is Best for Web Commands?
- How to Automate Following Interesting Twitter Users
- How to Manage IIS Websites with PowerShell [Tutorial]
- PowerShell Objects: Learn the Foundation of PowerShell
- Military Cyber Operations: The New NDAA Tailors the 48-Hour Notification Requirement - Lawfare
- The Cyberlaw Podcast: Brad Smith on Microsoft’s Journey from Hubris to Humility - Lawfare
- US military loves Linux
- Supporting Multiple Languages In Django — Part 1 | Codementor
- DSHR's Blog: Auditing The Integrity Of Multiple Replicas
- What Is UEFI And How Does It Keep You More Secure?
- What Is JavaScript and How Does It Work?
- A Look at High and Low Earning Programs of Study – Robert Kelchen
- maps, smaps and Memory Stats! - jameshunt(.us)
- Liqid's PCIe Fabric is the Key to Composable Infrastructure - Architecting IT
- Home - Brand
- SQL Server Security from the ground up at SQLBits 2020 - Stuart Moore
- Bringing humanity to work: Digital transformation and Industry 4.0 | The IT Skeptic
- My First 3D Printer! Ender 3 Pro | b3n.org
- Ender 3 Pro
- DIY NAS: EconoNAS 2019 - briancmoses.com
- Local Administrator Audit Script - byronpate.com
- Internals of TDE Encryption scan - Microsoft Tech Community - 1059191
- Book Freak #28: A Guide to Personal Freedom | Cool Tools
- Use your words to create the life you want to live
“The first agreement is to be impeccable with your word. It sounds very simple, but it is very, very powerful. Why your word? Your word is the power that you have to create.”
Don’t swallow poison
“Taking things personally makes you easy prey for these predators, the black magicians. They can hook you easily with one little opinion and feed you whatever poison they want, and because you take it personally, you eat it up. You eat all their emotional garbage, and now it becomes your garbage. But if you do not take it personally, you are immune in the middle of hell. Immunity to poison in the middle of hell is the gift of this agreement.”
Ask questions instead of making assumptions
“If others tell us something we make assumptions, and if they don’t tell us something we make assumptions to fulfill our need to know and to replace the need to communicate. Even if we hear something and we don’t understand we make assumptions about what it means and then believe the assumptions. We make all sorts of assumptions because we don’t have the courage to ask questions.”
Avoid self criticism by always doing your best
“Just do your best — in any circumstance in your life. It doesn’t matter if you are sick or tired, if you always do your best there is no way you can judge yourself. And if you don’t judge yourself there is no way you are going to suffer from guilt, blame, and self-punishment. By always doing your best, you will break a big spell that you have been under.”
- VMware: List/Audit VMware Tools Versions | PeteNetLive
- How to Sync Azure Blob Storage with AzCopy - Thomas Maurer
- The History Of The Microphone - krypted
- OceanLotus: Hackers tried to infiltrate the network of German car manufacturer BMW | Born's Tech and Windows World
- Insides: Windows 10 19H2 development/deployment (V1909) | Born's Tech and Windows World
- Chris's Wiki :: blog/linux/ZFSSplitPoolExperience
- Chris's Wiki :: blog/spam/BlackboxAndWhiteboxFiltering
- Chris's Wiki :: blog/linux/MappingNVMeDrives
- Chris's Wiki :: blog/python/DjangoSettingsOurStructure
- The Top Mistakes You'll Make When Moving to the Cloud
- Cost Control
Not Having a Good Cloud Strategy
The cloud is riddled with vendor lock-in
Understand security models
- Uninstall Software Application with PowerShell |
- $uninstallApp = Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -Like "SomeApp*"}; $uninstallApp.Uninstall()
Get-WmiObject -Class Win32_Product | Select-Object Name | Sort-Object Name
- Welcome - Apple Support
- Everything You Wanted to Know about Apple Security but Were Afraid to Ask - TidBITS
- How Kali deals with the upcoming Python 2 End-of-Life | Kali Linux
- Getting Started with tmux Part 5 - Customization and Tweaks - YouTube
- Getting Started with tmux Part 4 - Creating and Switching Between Sessions - YouTube
- Getting Started with tmux Part 3 - Creating and Managing Windows - YouTube
- Getting Started with tmux Part 2 - Horizontal and Vertical Panes - YouTube
- Getting Started with tmux Part 1 - Overview and Features - YouTube
- New graphing tool for PipeWire debugging
- 15 Useful Firefox Keyboard Shortcuts You Should Know - It's FOSS
- P2PE Versus E2EE | PCI Guru
- PenTesting: Gaining Root Privileges on Kioptrix – ls /blog
- SEC charges IT administrator over $7 million insider trading ring | Engadget
- Malware at Wawa stores has been stealing credit card info since March | Engadget
- Boost Workplace Safety with Customized Lift Tables – Business
- Alejandra’s Top 5 Favorite re:Invent🎉 Launches of 2019 | AWS News Blog
- 1. Amazon Braket: explore Quantum Computing
2. AWS Wavelength: ultra-low latency apps for 5G
3. AWS DeepComposer: learn Machine Learning with a piano keyboard!
4. Amplify: now it’s ready for iOS and Android devs too!
5. EC2 Image Builder
- New – Amazon Comprehend Medical Adds Ontology Linking | AWS News Blog
- Check out The Amazon Builders’ Library – This is How We Do It! | AWS News Blog
- Country IPv6 ranges lists | blog.erben.sk
- Reliable USB DVB-T2 adapter for Linux | blog.erben.sk
- WinTV-DualHD
- VMware OS Optimization tool now supports Windows Server 2019 | ESX Virtualization
- VMware vSphere 6.7 U3b Released | ESX Virtualization
- Upgrading the home lab ESXi 6.5 to 6.7 - rhyshammond.com
- DoD STIGs for VMware | Ryan Birk – Virtual Insanity
- vSphere 6.7 Security Guide | Ryan Birk – Virtual Insanity
- vCloudNotes : Information Sharing: PowerCLI script to get HBA firmware and driver version for all ESXi hosts
- Virtualization The Future: VMware Ports and Protocols For VMware Products
- Raspberry Pi 4: Chronicling the Desktop Experience - Viewing PDFs - Week 9 - LinuxLinks
- How automation can optimize DevOps | Enable Sysadmin
- How to Install Custom Fonts on a Debian 10 System
- The 20 Best Raspberry Pi OS Available to Use in 2020
- Script - A Simple Command-Line Tool for Recording Your Terminal Session Activity | 2daygeek.com
- How to Setup Rsyslog Server on Ubuntu 18.04 LTS
- How to Simplify 7z Compression with Bash Aliases - Make Tech Easier
- You Know WSL is Bad for GNU/Linux Because Anti-Linux People, Microsoft and Its Propagandists, Want People to Use That | Techrights
- How To Install Kali Undercover Mode On Any Xfce Linux Distribution - Linux Uprising Blog
- Some pretty useful SQUID proxy tips & tricks - LinuxTechLab
- An open source culture | Joinup
- How to Create and Download Roles on Ansible Galaxy and Use Them - Part 9
- How to Work with Ansible Variables and Facts - Part 8
- How to Create Templates in Ansible to Create Configurations On Managed Nodes - Part 7
- How to Use Ansible Modules for System Administration Tasks - Part 6
- List Of 4 Open Source Network Asset Management Systems For Data Centers
- List of Network Asset Management Systems for Data Centers
Open-AudIT
RackTables
Kuwaiba
Ralph
- Hands-free Raspberry Pi Airdrum | The MagPi 89 - Raspberry Pi
- Osquery vs. OSSEC: Which Is Best for Linux Security in 2020?
- A profile of Cliff "Cuckoo's Egg" Stoll, a pioneering "hacker hunter" / Boing Boing
- s. Security researchers still treat the book as a touchstone
- How To Automate Directory Database And Website Backup Using Bash
- Setting the record straight on AWS and open source | AWS Open Source Blog
- How to Manage Active Directory Hosted on AWS Cloud | LinuxGAIN
- Orbifolds and Other Games - Precise Unit Tests with PyHamcrest
- Introduction to automation with Bash scripts | Opensource.com
- LXD: storage | panticz.de
- How to Automatically Disconnect Idle or Inactive SSH Sessions After Five Minutes of Inactivity | 2daygeek.com
- Copying files into a container at run time | Adam Young’s Web Log
- IT Team Support: Getting Value for Money – Technology
- How to Host a Successful Conference Call – Running Your Business
- Why Policymakers Should Repeal the Medical Device Tax
- Busy Entrepreneurs: Stay Ahead with Organizational Tips – Entrepreneurs
- State Online Sales Taxes in the Post-Wayfair Era | Tax Foundation
- Unlock Bootloader using Fastboot on Android (Detailed Guide)
- Stop hurting yourself by: Not updating the drivers and firmware in Windows and Windows Server. – Yong Rhee's Microsoft Technet Blog
- Stop hurting yourself by: Not applying the non-security updates for Windows and Windows Server. – Yong Rhee's Microsoft Technet Blog
- How to identify a strong sysadmin job applicant | Enable Sysadmin
- A beginner's guide to using Vagrant | Opensource.com
- CentOS 6 Through CentOS 8 Benchmarks On Intel Xeon Server - Phoronix
- Linux 5.5 Livepatching Tracks The System State For Better Patch Handling/Compatibility - Phoronix
- How To Enable "Run As Administrator" For A Batch File In Windows 10?
- Editing A Podcast With Audacity on Linux - YouTube
- Create Virtual CD And DVD Drives Using CDEmu On Linux - OSTechNix
- How to Increase VirtualBox HDD Size with Clonezilla - Make Tech Easier
- Low-cost, 802.11ac mesh router runs on OpenWrt
- 10 Office 365 mobile apps you must have on your phone - SharePoint Maven
- Newsletter #3 – Tools / automation and the right song | The Frog Pond of Technology
- Why the Medical Device Tax Should Be Repealed | Affordable Care Act
- Oracle_versioning_old_new.png (PNG Image, 1642 × 1018 pixels)
- Erman Arslan's Oracle Blog: Exadata/RDBMS -- Database Release Schedule + Support Dates - 19C + Exadata Image Upgrade (to the latest version // 19.3.1)
- Automate OS Image Build Pipelines with EC2 Image Builder | AWS News Blog
- Marketing Automation: 5 Methods You Need to Be Using – Marketing
- How to change careers in 12 months (or less)
- Off-Grid Cyberdeck! The Raspberry Pi Recovery Kit — BACK7.CO
- Welcome to AWS IoT Day – Eight Powerful New Features | AWS News Blog
- Secure Tunneling – You can set up and use secure tunnels between devices, even if they are behind restrictive network firewalls.
Configurable Endpoints – You can create multiple AWS IoT endpoints within a single AWS account, and set up a unique feature configuration on each one.
Custom Domains for Configurable Endpoints – You can register your own domains and server certificates and use them to create custom AWS IoT Core endpoints.
Enhanced Custom Authorizers – You can now use callbacks to invoke your own authentication and authorization code for MQTT connections.
Fleet Provisioning – You can onboard large numbers of IoT devices to the cloud, providing each one with a unique digital identity and any required configuration on its first connection to AWS IoT Core.
Alexa Voice Service (AVS) Integration – You can reduce the cost of producing an Alexa built-in device by up to 50% and bring Alexa to devices that have very limited amounts of local processing power and storage.
Container Support for AWS IoT Greengrass – You can now deploy, run, and manage Docker containers and applications on your AWS IoT Greengrass-enabled devices. You can deploy containers and Lambda functions on the same device, and you can use your existing build tools and processes for your IoT work. To learn more, read about the Docker Application Deployment Connector.
Stream Manager for AWS IoT Greengrass – You can now build AWS IoT Greengrass applications that collect, process, and export streams of data from IoT devices. Your applications can do first-tier processing at the edge, and then route all or selected data to an Amazon Kinesis Data Stream or AWS IoT Analytics for cloud-based, second-tier processing. To learn more, read AWS IoT Greengrass Adds Docker Support and Streams Management at the Edge and Manage Data Streams on the AWS IoT Greengrass Core.
- Amazon AI generates medical records from patient-doctor conversations | Engadget
- Security fails we’re kinda thankful for | Engadget
- let's give thanks for anything reminding us that hacks are supposed to be fun, and people still love making each other smile.
- Broken Headband on Bluetooth Headphones | Repair Instead of Replace – CubicleNate's Techpad
- Loctite 444
Loctite SF7452
- How to Set Up a Home Media Server with Jellyfin on Ubuntu - Make Tech Easier
- How To Find Windows 10 Product Key Using CMD, PowerShell, And Windows Registry?
- wmic path softwarelicensingservice get OA3xOriginalProductKey
- How To Block A Program From Accessing The Internet In Windows 10?
- Now You Can Run Ubuntu Touch OS On Raspberry Pi 3 With Touchscreen
- This Smartphone Microscope Will Let You See Your Own Blood Cells
- 4 Ways to get a Detailed Laptop Battery Report on Debian 10
- Worried about 5G and Cancer? Here’s Why Wireless Networks Pose No Health Risk - TidBITS
- The Cross-Platform Source Explorer Sourcetrail is Now Open Source - It's FOSS
- How to Clear Systemd Journal Logs - Linux Handbook
- How to Create Ansible Plays and Playbooks - Part 5
- AWS Compute Optimizer – Your Customized Resource Optimization Service | AWS News Blog
- AWS Outposts Now Available – Order Yours Today! | AWS News Blog
- How to fork a GitHub repository and contribute to an open source project | SQL DBA with A Beard
- DNUG Domino Day 2019 – First Look into Domino 11 | eknori.de
- 30 Years of Notes-Domino
- Our first annual family meeting
- ContractZen: The Complete Corporate Governance Hub – Business
- Red Hat strengthens commitment to open source tooling, joins new working group - Red Hat Developer
- Cooling off your Raspberry Pi 4
- Red Hat Responds to ZombieLoad v2 Security Vulnerabilities Affecting Intel CPUs
- The rise of the network edge and what it means for telecommunications
- IT Salary 2020
- Top 15 Best Security-Centric Linux Distributions of 2019
- Red Hat Enterprise Linux and CentOS Now Patched Against Latest Intel CPU Flaws
- Amazon’s Ring Doorbells Sent Wi-Fi Passwords in the Clear - TidBITS
- How to Make Medium Work for You: 6 Strategies – Business Ideas
- Factors That Affect Workplace Performance – Productivity
- Best practices: Go and Oracle - Guy Harrison - Medium
- AI determines how much help Shakespeare had writing a play | Engadget
- Hitting the Books: Humans are responsible for the antics of our AIs | Engadget
- Announcing Firelens – A New Way to Manage Container Logs | AWS News Blog
- Dynamically Creating Azure Data Studio Notebooks with PowerShell for an Incident Response Index Notebook | SQL DBA with A Beard
- Site Reliability Engineering: How Google Runs Production Systems – Book Review – DB-Tune
- “Embrace the idea that systems failures are inevitable, and therefore teams should work to optimize to recover quickly through using SRE principles.”
- Erman Arslan's Oracle Blog: EXADATA -- Connecting to the nodes using the Serial Management Port (RJ45-DB9-RS232-USB) + Connecting to the Cisco switch via CAT-5
- 8 great podcasts for open source enthusiasts | Opensource.com
- Zombieload V2 TAA Performance Impact Benchmarks On Cascade Lake - Phoronix
- Zombieload V2 TAA Performance Impact Benchmarks On Cascade Lake - Phoronix
- TeXstudio - A cushty yet nerdy LaTeX frontend
- Python and fast HTTP clients
- 7 Java tips for new developers | Opensource.com
- Security advice for sysadmins: Own IT, Secure IT, Protect IT | Enable Sysadmin
- A low-cost, open-source, computer-assisted microscope | ブログドットテレビ
- Pirelli's 5G tire warns other vehicles about dangerous road conditions | Engadget
- Stanford's new tech-laden hospital includes pill-picking robots | Engadget
- Some words about SOUG Day in Lausanne - Blog dbi services
- Create a PowerShell Notebook for Azure Data Studio with PowerShell | SQL DBA with A Beard
- Everything you need to know about Grace Hopper in six books | Opensource.com
- VLANs for sysadmins: The basics | Enable Sysadmin
- An Overview at the New Azure Stack Portfolio - Thomas Maurer
- Will Europe Succeed At Democratizing The Cloud? - TFiR: Open Source & Emerging Technologies
- MSDN Magazine Issues | Microsoft Docs
- Why Work is Getting in the Way of ... Work | APMdigest - Application Performance Management
- ThousandEyes Releases Internet Insights | APMdigest - Application Performance Management
- CKA Labs (18): Kubernetes Metrics Server for CPU and Memory Monitoring -
- FAQ: Windows 10 Enterprise LTSC 2019 Explained | Windows OS Hub
- LG open-sources Auptimizer, a tool for optimizing AI models | VentureBeat
- Auptimizer
- Linux Journal is Offline, But the Articles Will Come Back | Techrights
- Creating Your First Windows Docker Image [Tutorial]
- Equifax Data Breach Update: Backsliding | Electronic Frontier Foundation
- RipMe Is An Easy To Use Bulk Image Downloader (GUI And CLI) - Linux Uprising Blog
- Business Travel: How to Manage It Right – Running Your Business
- Digital Transformation: A Company Make-Over – Running Your Business
- Cloud Accounting and Taxation: A New Paradigm – Running Your Business
- Install CentOS 8 on VirtualBox - Blog dbi services
- A simple Terraform script to create an AWS EC2 playground - Blog dbi services
- Demographics vs Psychographics for Machine Learning « Oralytics
- Connect to ActiveDirectory with ldapsearch on Unix – Laurent Schneider
- Intel unveils its first chips built for AI in the cloud | Engadget
- Chris's Wiki :: blog/sysadmin/AutomatedEmailSourceFooter
- Azure Synapse Analytics new features | James Serra's Blog
- Archiving and deleting 23andMe | Nelson's log
- These 10 Android Devices Can Be Hacked Into Spying On Their Owners
- My System Administration Ethics book has been published
- How Power Over Ethernet (PoE) Works | Hackaday
- Hospitals Impacted By Data Breach Have Increased Death Rate: Study
- Why Everyone Working in DevOps Should Read The Toyota Way – zwischenzugs
- Finding USB Bugs The Hard Way | Hackaday
- The Blessings And Destruction Wrought By Lead Over Millennia | Hackaday
- GitHub - markszabo/FakeBeaconESP8266: Fake beacon frames for ESP8266 using the Arduino IDE
- WiFi Messages
- Advertise Your Conference Schedule Via SSID | Hackaday
- ESP8266 Broadcasts Memorial WiFi Spam | Hackaday
- Unix Tell All Book From Kernighan Hits The Shelves | Hackaday
- Testing Suspicious emails using Windows Sandbox | Tallan Blog
- Creating a PowerShell Backup System Part 2 • The Lonely Administrator
- Creating a PowerShell Backup System • The Lonely Administrator
- Mako “Things I Like”: 2018 – Furrygoat
- Mako “Things I Like”: 2017 – Furrygoat
- CPU and Device Shares in Libvirt – ZenCoffee Blog – random notes, guides, and thoughts…
- High Disk I/O Usage - Part Two – ZenCoffee Blog – random notes, guides, and thoughts…
- High Disk I/O Usage by a VM? – ZenCoffee Blog – random notes, guides, and thoughts…
- How to use Java 13 features with Java 8-Part 4( JDeps and multi-jars)
- How to use Java 13 features with Java 8- Part 3 (How to find deprecated methods)
- How to use Java 13 features with Java 8- Part 2 (Adding support modules)
- How to use Java 13 features with Java 8- Part 1
- How to use Java 13 features with Java 8- Part 1
- 3 reasons Java developers switch to JDeli from ImageIO
- Improved Garbage Collection in Java 13
- The Open Source Smart Home | Hackaday
- An Open Hardware Laser Engraver For Everyone | Hackaday
- Will The Real UNIX Please Stand Up? | Hackaday
- RPi4: Now Overclocked, Net-Booted, And Power-Sipping | Hackaday
- Career Development: A Guide for Mentoring Your Employees – Ideas
- Bash Script to Generate Patching Compliance Report on CentOS/RHEL Systems | 2daygeek.com
- The City Of Baltimore Blew Off A $76,000 Ransomware Demand Only To Find Out A Bunch Of Its Data Had Never Been Backed Up | Techdirt
- 4 Way to Find Which Process is Listening on a Specific Port - Putorius
- The Top & Fastest Growing Open Source Projects On GitHub In 2019
- A sysadmin's guide to configuring an email server | Enable Sysadmin
- 6 Excellent Free Books to Learn TeX - LinuxLinks
- How automation can boost your security compliance | TechBeacon
- Basic troubleshooting with telnet and netcat | Enable Sysadmin
- 4 container usage takeaways from the 2019 Sysdig report - Red Hat Developer
- » Small computers find an industrial niche
- Cyber Defense | 16 Things to Know About John Hubbard and our NEW SEC450: Blue Team Fundamentals - Security Operations and Analysis course | Part 2 | SANS Institute
- Cyber Defense | 16 Things to Know About John Hubbard and our NEW SEC450: Blue Team Fundamentals - Security Operations and Analysis course | Part 1 | SANS Institute
- Five Main Differences between SIEM and UEBA
- Point-in-time vs. Real-time Analysis
Manual vs. Automated Threat Hunting
Logs vs. Multiple Data Types
Short vs. Long-Term Analysis
Alerts vs. Risk Scores
- Myth Busters: How to Securely Migrate to the Cloud
- Human-Centered Security: What It Means for Your Organization
- All Cybersecurity Is Not Created Equal - Linux Included
- Security, Privacy and Confidentiality: What's the Difference? - Mike Chapple, CISSP, Ph.D.Mike Chapple, CISSP, Ph.D.
- Windows Incident Response: Registry Analysis
- Windows Incident Response: A Brief History of DFIR Time, pt II
- Ineffective Response and Perverse Insurance Incentives Compound Ransomware Problems | Security Architects Partners
- Enterprise DevSecOps: How Security Works With Development
- MegaCortex Ransomware Changes Windows User Password | Born's Tech and Windows World
- PowerShell – Run command in Batches of 100 | geekdudes
- IBM and McAfee primary backers of new open source cybersecurity group | FierceTelecom
- Open source Raspberry Pi microscope project - Geeky Gadgets
- Things to Do Before Starting Your Own Business – Business Ideas
- Released: SQL Assessment API (GA) - Microsoft Tech Community - 989677
- The Nonprofit's Guide To Inclusive Walking Meetings: Strolling Meetings | Beth's Blog
- Seeing what changed in a docker containers file system -- Prefetch Technologies
- A Pattern Language | Cool Tools
- DeployHappiness | AD Documentation and Health Checks with PowerShell
- What do we say to health checking Active Directory? – Evotec
- Ransomware Payments Rise as Public Sector is Targeted, New Variants Enter the Market
- Ransomware Sentiment After a Summer of Headlines
- Windows 7 Extended Security Updates (ESU) reuirements | Born's Tech and Windows World
- 40 Useful Linux Network Commands for Modern SysAdmins
- What Are The Best Books For AI For Beginners? - Fossbytes
- Artificial Intelligence – A Modern Approach (3rd Edition)
Life 3.0: Being Human in the Age of Artificial Intelligence
Artificial Intelligence: The Basics
Speech and Language Processing
Deep Learning (Adaptive Computation and Machine Learning series)
- GIT Flashcards
- Servicing Update for SQL Server 2019 RTM (GDR) - Microsoft Tech Community - 978207
- Announcing Performance Optimized Storage Configuration for SQL Server on Azure VMs with SQL VM RP - Microsoft Tech Community - 891583
- APEX 19.2 : Vagrant and Docker Builds | The ORACLE-BASE Blog
- Midlands Microsoft 365 and Azure User Group – November 2019 | The ORACLE-BASE Blog
- 5 ways for healthcare providers to build a fortress against cyber threats
- Educate employees about phishing attacks.
Beware of ransomware.
Have a top-down security program.
Make sure vendors have protection.
Update passwords often.
- New system helps defend critical infrastructure from attack
- Insecure file transfers leave organizations at risk
- Understanding the network plumbing that makes Kubernetes pods and services work -- Prefetch Technologies
- Penetration Tests Take Hackers To A Whole New Level - LinuxTechLab
- EU patches 20-year-old open source vulnerability
- The Leading Causes of IT Outages - and How to Prevent Them | APMdigest - Application Performance Management
- Java License Fallout Continues Impacting IBM i Shops - IT Jungle
- GNU Health: 10 years of Freedom and Equity in Healthcare | MeanMicio
- New Performance Monitor for Windows Server - Thomas Maurer
- Talking About Cloud Computing - 2019 | DennisKennedy.Blog
- A Guide to Cable Management – Running Your Business
- Dell EMC Enterprise Storage Analytics 5.0 – Dell EMC PowerMax with VMware
- Playing Blu-Ray discs with VLC | Fun with virtualization
- Understanding Premium Azure File Storage – Notes from MWhite
- Top 20 Best Linux NAS Solutions and Linux SAN Software
- Snuffleupagus: Open source security tool hardens PHP sites against cyber-attacks | The Daily Swig
- The goldsmith and the chaos warrior: a typology of workers – The Open Sourcerer
- How to Install and Use a Vulnerability Scanner in Linux - Make Tech Easier
- » company it takedown by ransomeware by 0-day in the Bonjour utility for iTunes – followup to emotet and trickbot | dwaves.org
- Background Checks: A Hiring Essential – Administrivia Learn What to Expect
- An Illustrated Guide to Some Useful Command Line Tools - WezM.net by Wesley Moore
- Product vs. project in open source | Opensource.com
- First Windows 'BlueKeep' Attacks Spotted Installing Cryptocurrency Miners
- Norsk Hydro reveals initial cyber insurance payout | Insurance Business
- Cloning a MAC address to bypass a captive portal - Fedora Magazine
- Bootlin's Best Techniques For A Smaller Kernel + Faster Boot Times - Phoronix
- 25 Python Logging examples – Linux Hint
- The Enough Curve: Consider the Ongoing Costs Of Your Purchases — My Money Blog
- How to Use Static and Dynamic Inventories in Ansible - Part 4
- Bash Read Comma Separated CSV File on Linux / Unix - nixCraft
- Taking Itinerary to the Next Level – Kai Uwe's Blog
- Understanding Boxplots | Codementor
- The simplest dpkg you will ever build - James
- Import VirtualBox Images to GNS3 – Linux Security Blog
- Explaining Docker Volumes With Examples - OSTechNix
- Awk one-liners and scripts to help you sort text files | Opensource.com
- 6 remarkable features of the new United Nations open source initiative | Opensource.com
- Sixi 2, An Open Source 3D Printable 6 Axis Robot Arm | Hackaday
- darkport | Ahh shhgit!
- Supercharge your research: a ten-week plan for open data science
- How to Enable Timestamp in Linux History Command Output
- Microwaves enable painless, radiation-free mammography - Japan Today
- Getting Started with Haxe - Programming Blog
- My Metasploit Cheat Sheet - krypted
- SQL Server Books
- Your Dashboards Still Suck - Thomas LaRock
- HOWTO: Use Domain and OU Filtering to limit the objects in scope for Azure AD Connect - The things that are better left unspoken
- DHCP Does Not Set Default Gateway – Thin Light
- Learn about Azure Stack Migration in this Video Series - Thomas Maurer
- Hyperconverged Infrastructure Part 1 - A Modern Infrastructure for Modern Manufacturing | APMdigest - Application Performance Management
- System Logs on ESXi Host are Stored On Non-Persistent Storage | Windows OS Hub
- How to Measure Storage Performance and IOPS on Windows? | Windows OS Hub
- On the Usability of OSI Layered Networking Model « ipSpace.net blog
- Saved: TCP Is the Most Expensive Part of Your Data Center « ipSpace.net blog
- How Complex Systems Fail - How Complex Systems Fail.pdf
- Samba 4.12 Bringing Much Faster Encryption Performance With GnuTLS - Phoronix
- BlueKeep now being used in attacks – but the sky isn’t falling @ AskWoody
- Migrating an EFI Linux Install to a new Server – blog.kroy.io
- Windows 10 v1903: Mouse stutter with RDP sessions | Born's Tech and Windows World
- Windows: Timeout with TLS connections [Workaround] | Born's Tech and Windows World
- VMware ESXi 6.5, Patch Release ESXi650-201910001 | Born's Tech and Windows World
- System76 Launches Two Linux Laptops Powered by Coreboot Open-Source Firmware - Updated
- Get server(s) power consumption | panticz.de
- Using PowerShell ArrayLists and Arrays [Tutorial]
- How to Find your Next Awesome Tech Job
- The Windows Virtual Desktop Technology Partner Cheat Sheet v2.0
- How to Install Stratis to Manage Layered Local Storage on RHEL 8
- 10 Best Flowchart and Diagramming Software for Linux
- How to Configure Ansible Managed Nodes and Run ad-hoc Commands - Part 3
- How to Install and Configure an Ansible Control Node - Part 2
- Understand Core Components of Ansible - Part 1
- Setup a Centralized Log Server with Rsyslog in CentOS/RHEL 8
- VMware’s Joe Beda: Enterprise Open Source Is Growing
- online home renovation platform
- How to Create a Windows 10 Installer USB from Linux - Make Tech Easier
- UNIX Co-Founder Ken Thompson's BSD Password Finally Cracked
- Agile project management: 10 reasons to use it | The Enterprisers Project
- DHCP + PING = DHCPING = Testing DHCP Availability - Putorius
- Linux find NVMe SSD temperature using command line - nixCraft
- Power Cycling PCIe Devices from the Command Line – CubicleNate's Techpad
- Malware uses web apps to turn PCs into conduits for attacks | Engadget
- Review: Keyboardio Model 01 keyboard
- How to Install TWRP
- TWRP and Android 10
- MIT’s algorithm could improve imaging techniques used during pregnancy | Engadget
- Wisconsin firms hope to make radioactive isotopes for nuclear medicine (updated) | Engadget
- Google wants to give doctors web-like searches for medical records | Engadget
- APEX 19.2 Download Available | The ORACLE-BASE Blog
- What’s new with Oracle database 19.5 versus 19.4 | Frits Hoogland Weblog
- What’s new with Oracle database 18.8 versus 18.7 | Frits Hoogland Weblog
- The Complexity Defense and Other DBA Crimes
- Changing Your Bash Shell Prompt and Colors
- Erman Arslan's Oracle Blog: ODA-- Health Check Reports // the control points & the subtitles
- Erman Arslan's Oracle Blog: ODA X6-2 HA -- Virtualized // Network Architecture / Internal NFS and fault tolerant cabling
- Get TLS for OpenFaaS the easy way with k3sup
- Unix50 – Unix Today and Tomorrow: Future of Compute & Platforms: The Kernel | Fun with virtualization
- Just one more esxi-guy: Some cool esxcli iscsi commands
- Just one more esxi-guy: Some cool esxcli system commands
- LiveCDCustomization - Community Help Wiki
- Weekend Project: Create a Live USB Key Linux Distribution - Linux.com
- How to Troubleshoot Java CPU Usage Issues | APMdigest - Application Performance Management
- Provisioning a AKS cluster and KubeInvaders with Terraform - Blog dbi services
- Is Wannacry back? | Born's Tech and Windows World
- AI can help doctors spot brain hemorrhages faster | Engadget
- New version of Upgrade / Migrate / Consolidate to Oracle 19c uploaded
- DoD's $10 billion 'Jedi' cloud contract goes to Microsoft over Amazon | Engadget
- LucidLink Filespaces: It’s Object Storage But Not As You Know It – Ather Beg's Useful Thoughts
- Creating a VM on Oracle Always Free « Oralytics
- Oracle memory troubleshooting using analysis on heapdumps, part 2 | Frits Hoogland Weblog
- Oracle memory troubleshooting using analysis on heapdumps | Frits Hoogland Weblog
- 10 Tips for Standing Out in a Job Interview – Business Ideas
- The secret to easy organisational change: hacking the org. | The IT Skeptic
- Kill the restructure | The IT Skeptic
- Free Microsoft Teams Course from Microsoft Learn - Tom Talks
- Technical Renewal Cycles - SysAdmin1138 Expounds
- Updating “Weird Al” Yankovic’s track It’s All About The Pentiums – Stick To The Script
- Group Policy Preferences and Client Side Extensions | PeteNetLive
- PowerCLI: Connect-VIServer Certificate Errors | PeteNetLive
- Chris's Wiki :: blog/solaris/ZFSFullQuotaPerformanceIssue
- Chris's Wiki :: blog/programming/TestsNotInCIProblem
- Use PowerShell to Get Drive List and Capacity | Life of a Geek Admin
- Python – Search registry key | geekdudes
- PowerShell – password expiration reminder | geekdudes
- Windows 7 Extended Security Updates (ESU) Explained - Daniel Engberg
- Cyber attac (DDoS) at Amazon AWS | Born's Tech and Windows World
- Microsoft Introduces Secured Core PCs w. Firmware Protection | Born's Tech and Windows World
- Understanding LDIF: LDF Files for LDAP Directories
- New-ADUser: Creating Active Directory Users with PowerShell
- Notes client doesn’t launch after upgrade: SOLVED | The Notes Guy in Seattle
- 20 years in IT, here’s what I’ve picked up along the way
- The Great Rack Migration – D1541 – blog.kroy.io
- Configuring HP BIOS settings using Intune Win32app and PowerShell – CCMEXEC.COM – Enterprise Mobility
- IT failure stops production at German car manufaturer Porsche | Born's Tech and Windows World
- Ransomware hits global shipping company Pitney Bowes | Born's Tech and Windows World
- Cyber attacks at Rheinmetall and Airbus contractors | Born's Tech and Windows World
- Microservices architecture best and worst practices – Dimitri's Wanderings
- Managing Legacy Backups - Architecting IT
- 4 Extra-Curricular Activities You Should Engage Children In | Penniless Parenting
- The DRY Principle: How to Write Better PowerShell Code
- Automating Azure Usage Reports with PowerShell
- Essential Steps for Starting a Business – Business for Beginners
- What happened to Early Retirement Extreme? An update from Jacob Lund Fisker
- Yes, Health Insurance Costs Impacted My Early Retirement (FIRE) Plans — My Money Blog
- Electronic Signature: 4 Important Ways to Use It – Running Your Business
- Travel Tech for my 10 days of travel with my parents to Germany, Austria, Czech Republic and Italy before and after 2019 Veeam Vanguard Summit in Prague | TinkerTry IT @ Home
- Homelab part 2 -
- m
- DTA 537000 – VMFS corruption with XCOPY – Dell EMC PowerMax with VMware
- vCenter Server Appliance: A Tale of Rejuvenation – doOdzZZ'sNotes
- Updating vSphere Customized Images: The VIB Space Conflict – doOdzZZ'sNotes
- Building a Home Fibre Router Firewall | Long White Virtual Clouds
- Change management VLAN on Ubiquiti UniFi Hardware and Controller - The time I've wasted on technology...
- Available for IT Consulting Services - The time I've wasted on technology...
- Another Vester Test file generator and more vCenter checks | Adventures in a Virtual World
- Kubernetes Homelab with Raspberry Pi and k3sup
- OpenFaaS Cloud for Development
- Get a LoadBalancer for your private Kubernetes cluster
- What is Microsoft Stream? - SharePoint Maven
- Solr Sharding - Concepts & Methods - Blog dbi services
- CBO Oddities – 1 | Oracle Scratchpad
- Patching all my environments with the Oct 2019 Patch Bundles
- Oracle Fail Safe is deprecated with Oracle Database 19c
- Creating a customized PostgreSQL container using buildah - Blog dbi services
- Oracle 19c - Blog dbi services
- Migrating Oracle database from windows to ODA - Blog dbi services
- Using non-root SQL Server containers on Docker and K8s - Blog dbi services
- Oracle on Azure- Options, Options, Options
- Solving accountability for ssh/linux servers without creating personal accounts | Frits Hoogland Weblog
- What’s new with Oracle database 19.4 versus 19.3 | Frits Hoogland Weblog
- What’s new with Oracle database 18.7 versus 18.6 | Frits Hoogland Weblog
- What’s new with Oracle database 12.2.0.1.190416 versus 12.2.0.1.190716 | Frits Hoogland Weblog
- When it comes to deduplication, block size is critical | Data Protection: Avamar, NetWorker, Data Domain, RecoverPoint, PowerProtect, CSM
- Migrating from PowerShell ISE to Visual Studio Code | The Frog Pond of Technology
- Getting SQL Server installation date with PowerShell using dbatools | SQL DBA with A Beard
- USB Storage with iOS 13: The FAQ - TidBITS
- When terms shift - SysAdmin1138 Expounds
- GitHub - RolandPheasant/TailBlazer: A modern file tail utility based on Rx.Net which show cases reactive programming and Dynamic Data (see https://github.com/RolandPheasant/DynamicData)
- Managing Windows Updates with Group Policy – Stick To The Script
- Find The Azure AD Join Type | PeteNetLive
- Chris's Wiki :: blog/spam/MalwareBeingClear
- Python fundamentals part IV – Scope resolution – LEGB rule | geekdudes
- Python fundamentals part V – importing modules | geekdudes
- Disk > Mdadm > LVM – it's notes
- Pyhon fundamentals part VI – OOP concepts | geekdudes
- Building an Active Directory Health Check Tool [In-Depth]: Part II
- Building an Active Directory Health Check Tool [In-Depth]: Part I
- Configuring Dell BIOS Settings using Intune Win32App and PowerShell – CCMEXEC.COM – Enterprise Mobility
- The latest supported Visual C++ downloads
- Why Debian Is the Gold Standard of Upstream Desktop Linux | FOSS Force
- An overview of compliance features in SharePoint and Office 365 - SharePoint Maven
- Subplot
- Tips on how to take Microsoft Azure Certification Exams - Thomas Maurer
- How Americans Spend Their Money » Money Boss
- How to Change the Windows Terminal Background Image - Thomas Maurer
- Ways to access data in ADLS Gen2 | James Serra's Blog
- Image based upgrades: Upgrading software and OS of 80k servers every two weeks - Philipp's Tech Blog
- Domain Controller Cloning on VMware vSphere - The things that are better left unspoken
- Chris's Wiki :: blog/sysadmin/BinatAndSplitHorizonDNS
- How to Backup AWS S3 Buckets – it's notes
- The Perfect Media Server 2017
- Install minio Ubuntu – it's notes
- restic with MinIO Server – it's notes
- Powershell – Check if machine IP is in range | geekdudes
- Powershell – Get Memory,CPU and Free Disk space | geekdudes
- Chris's Wiki :: blog/unix/ChrootFtpdAndContexts
- Windows 7/Server 2008/R2: 0patch delivers security patches after support ends | Born's Tech and Windows World
- Powershell Script to Configure Outlook Signatures - Daniel Engberg
- Python fundamentals part III – Boolean,for loops,while,zip,iterators,functions,args and kwargs | geekdudes
- Python fundamentals part II – file manipulation | geekdudes
- Python fundamentals part I – basic data types | geekdudes
- Your Guide to Updating to PowerShell 7
- Hacking a serial port into an EdgeRouter X – blog.kroy.io
- Microsoft Security Update Summary (September 10, 2019) | Born's Tech and Windows World
- Chris's Wiki :: blog/sysadmin/PrometheusFindUnpairedMetrics
- Chris's Wiki :: blog/programming/GoBinaryStructureNotes
- PowerShell WhatIf: How Your Bacon is Saved
- NuGet and IIS on Windows Server: Ultimate Guide
- PsExec: The Ultimate Guide
- Chris's Wiki :: blog/tech/TLSCertVerifyTwoParts
- NJCCIC
- Writing_Style_Guide.pdf
- Waves at Bessel-on-Sea | Tinkerings
- A dentist made a game in MS Paint and it's terrifying
- Not even Allbirds is safe from Amazon's copycat ways
- ClearView – Zero Configuration Web Server Monitoring Tool – Techno Chat|Tech Blog!!
- The Value of Training and Certification at VMworld 2019 Europe - VMware Education Services
- “team members who have been through VMware training are much more resourceful and valuable to the organization than those who have not.”
- Why an IT Guy Is Essential in 2019 – Running Your Business
- Be careful when using DAOS and compact -c -ZU | eknori.de
- As of Domino 10.0.1 FP2, -ZU will pull all attachments of a DAOS enabled application back into the application!
- Oracle 19c : Point-In-Time Recovery in a PDB - Blog dbi services
- When Read-Scale availability groups and Windows Failover Cluster are not good friends - Blog dbi services
- About VMSA, CVE, CVSS and more | Adventures in a Virtual World
- The Five Pressures of Leadership
- 1. Unclear boundaries
2. Pay
3. Working with volunteers
4. Burden of responsibility
5. Loneliness
- Virtualization The Future: How to Create Custom Docker Images - Part 8
- State Farm Security Fail – The Wacky World of Chris Knight
- Basics: Handling a Failed Backup | Data Protection: Avamar, NetWorker, Data Domain, RecoverPoint, PowerProtect, CSM
- Multitenant : Massive Changes in 19c and 20c | The ORACLE-BASE Blog
- ODA X8-2: the new generation - Blog dbi services
- Redefining Hyper Converged Infrastructure — ThinkCharles.net
- Terraform Cloud – Step by step configuration | JohannStander
- SAN vs. NAS: Comparing two approaches to data storage | Enable Sysadmin
- Blue's Yeti X microphone comes with everything you need to sound like a pro
- AI can gauge the risk of dying from heart conditions
- If you’re not using SSH certificates you’re doing SSH wrong - smallstep
- Moving oracle database to new home on ODA - Blog dbi services
- Millions of Americans' medical records are out in the open on the internet
- Alleged JPMorgan hacker set to plead guilty
- Andrei Tyurin
- SIM-based attack has been used to spy on people for two years
- ANSI or Oracle Style Joins? – ThatJeffSmith
- Ansible Blocks With Conditionals - EverythingShouldBeVirtual
- Installing the windows subsystem for linux and use Terraform with VS Code | JohannStander
- Checking power settings on VMs using powershell • My Virtual Vision
- The Memory/Storage Hierarchy | The SSD Guy
- Cyber Security Roundup for August 2019 - Security Boulevard
- Scaling-Up and Automating Web Application Security - Security Boulevard
- How to get a big picture of K8s pods and PVs by script - Blog dbi services
- Taking Health Care Out of the Ransomware Hot Seat - Security Boulevard
- What is the CCPA and Who Must Comply? The California Consumer Privacy Act Explained - Security Boulevard
- Top 5 Back to School AppSec Tips for Developers
- #1 Be Security Minded
#2 Embrace Automated Testing
#3 Keep Your Code Secure from Prying Eyes
#4 Keep Your Dependencies Up to Date
#5 Beware the Input Validation Error — Test, Test, Test
- A Cyber Incident Response Plan for Your Web Applications - Security Boulevard
- Why Most Organizations Still Can’t Defend against DCShadow – Part 2 - Semperis
- Why Most Organizations Still Can’t Defend against DCShadow - Semperis
- CISOs in the Boardroom: Translating Tactical Cybersecurity into Business Objectives - Security Boulevard
- What’s it like being a cybersecurity risk analyst? - Security Boulevard
- Review of Apache Struts vulnerabilities yields 24 updated advisories - Security Boulevard
- Serverless Security Explained - Security Boulevard
- How GDPR, CCPA impact healthcare compliance - Security Boulevard
- 50 Valuable PCI Compliance Tips
- 5 Modern Skills for Modern Chief Information Officer (CISO)
- 1. Financial Fluency
2. Communication Skills
3. Empathy
4. Technical Chops
5. Ambition
- Three Ways for Healthcare to Handle Cyber Threats - Security Boulevard
- How to Address PCI DSS Requirement 6.6 — A Two-For-One Solution From Threat Stack - Security Boulevard
- HOWTO: Handle Windows Activation on non-domain-joined Web Application Proxies - The things that are better left unspoken
- Overview of NIST 800-171b: What you need to know
- URGENT/11 – New ICS Threat Signatures by Nozomi Networks Labs - Security Boulevard
- The Benefits, Characteristics and Components of Flyaway Kits for Incident Response | Bricata
- Detecting Cars With An ESP8266 Magnetometer | Hackaday
- Migration to Github Pages! – ZenCoffee Blog – random notes, guides, and thoughts…
- Kubernetes Pentest Methodology Part 2 | CyberArk
- Kubernetes Pentest Methodology Part 1 | CyberArk
- The Top Five Cybersecurity Issues Trending in 2019 - Security Boulevard
- 1. Phishing Attacks
2. IoT Ransomware
3. Increased Data Privacy Regulation
4. Cyber Attacks on Mobile Devices
5. Increased investment in automation
- Understanding CCPA: It's Time to Action a Plan for Compliance - Security Boulevard
- 7 most common application backdoors
- The Four Pillars of CASB: Threat Protection
- 20 Surprising IoT Statistics You Don’t Already Know - Security Boulevard
- SSH Key Management Without the Hassle | JumpCloud
- How To Handle HIPAA Compliance with Serverless Security | Protego
- HIPAA Compliance Checklist - Threat Stack
- 10 of the Most Significant Ransomware Attacks of All Time
- Introducing Accelerated Database Recovery with SQL Server 2019 - Blog dbi services
- Transaction / Regular Paper Title - govins20.pdf
- The Cyberwar In Yemen - VICE
- InfoSec Handlers Diary Blog - Verifying SSL/TLS configuration (part 1)
- The Cost of Dealing With a Cybersecurity Attack in These 4 IndustriesSecurity Affairs
- Healthcare providers can improve their third-party vendor management - Security Boulevard
- Zero Day Initiative — The August 2019 Security Update Review
- Windows Incident Response: A Brief History of DFIR Time, pt I
- The five basic data privacy rules - VinciWorks Blog
- Privilege Escalation Cheatsheet (Vulnhub)
- Guide to Red Team Operations
- NBlog - the NoticeBored blog: NBlog Aug 20 - cyber-insurance standard published
- NBlog - the NoticeBored blog: NBlog Aug 19 - extending the CIS security controls
- Pentagon Buys Equipment With Known Vulnerabilities: Audit
- Firmware Slap - Discovering Vulnerabilities In Firmware Through Concolic Analysis And Function Clustering
- VulnWhisperer - Create Actionable Data From Your Vulnerability Scans
- Backup is Your Responsibility - Even in Public Cloud - Architecting IT
- More Than 99% of Cyberattacks Need Victims' Help
- Remembering Gene Crick, Digital Rights Pioneer | Electronic Frontier Foundation
- Automated incident response in Office 365 ATP now generally available
- OWASP ASVS Version 4.0 Controls Checklist Spreadsheet + 5 Benefits | Pivot Point Security
- OWASP ASVS
- Securing Software on Healthcare IoT Devices - ShiftLeft Blog
- Build a Kali Linux ISO with the latest OS patches and packages | slice2
- Apache Struts Security Advisories updated after review | Synopsys
- History Doesn't Repeat Itself in Cyberspace
- 8 Head-Turning Ransomware Attacks to Hit City ...
- Demystifying New FIDO Standards & Innovations
- Transforming 'Tangible Security' into a Competitive ...
- Calculating the Value of Security
- The 10 Essentials of Infosec Forensics
- 'IBM PC Compatible': How Adversarial Interoperability Saved PCs From Monopolization | Electronic Frontier Foundation
- Retadup Worm Squashed After Infecting 850K Machines
- Retadup
- Annual global data breach costs to exceed $5 trillion by 2024: report
- ThreatList: 4.1B Records Exposed in Breaches in First Half of 2019 | Threatpost
- NIST Lays Out Roadmap for Developing Artificial Intelligence Standards - Nextgov
- The health record interoperability dilemma
- 'It Saved Our Community': 16 Realistic Ransomware ...
- It's Not Healthy to Confuse Compliance with Security
- The Philosophy Behind My New Product Discovery Idea | Daniel Miessler
- GitHub - toniblyx/my-arsenal-of-aws-security-tools: List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
- Very Short Introduction to Data Science Terminology
- Understand Machine Learning in 6 Minutes - Towards Data Science
- 4 to-do list managers for the Linux desktop | Opensource.com
- 4 Different Rules of Thumb For How Much House You Can Afford — My Money Blog
- Causes of Wealth: Reality vs. News Coverage — My Money Blog
- Supply-Chain Security in Open-Source Software « ipSpace.net blog
- An Open Letter To IT Recruiters | Advanced Persistent Security
- Improving BGP routing security by minding your MANRS | CSO Online
- Can VMware become a leading cybersecurity vendor? | CSO Online
- 4 Reasons Waiting to Switch to the Cloud May Cost You | CSO Online
- Why cybersecurity is a central ingredient in evolving digital business models | CSO Online
- Summary: Never Split the Difference | Daniel Miessler
- A Conversation with Ken Modeste | Daniel Miessler
- Day-1 Skills That Cybersecurity Hiring Managers Are Looking For | Daniel Miessler
- The Definition of a Green Team | Daniel Miessler
- How to Check the Software and Hardware Version of a Raspberry Pi | ozzmaker.com
- VMware Tools installation and upgrade tips and tricks - ivobeerens.nl
- Nmap Idle Scan tutorial – Linux Hint
- Adding Third-Party Drivers into VMWare ESXi 6.7 ISO Image | Windows OS Hub
- VMWare ESXi Doesn’t Detect FC HBA adapters | Windows OS Hub
- Say hello to Isaac Computer Science - Raspberry Pi
- From 1999 to 2017: PCI Continues to Evolve | Sword & Shield
- CERIAS Blog - CERIAS - Purdue University
- Cyber Security Hall of Fame 2019 Inductees - CERIAS - Purdue University
- 8 hot IT security jobs and what they pay | CSO Online
- Leader of new NSA Cybersecurity Directorate outlines threats, objectives | CSO Online
- Insecure virtual USB feature in Supermicro BMCs exposes servers to attack | CSO Online
- 5 signs your security culture is toxic (and 5 ways to fix it) | CSO Online
- Data privacy in the IoT age: 4 steps for reducing risk | CSO Online
- 7 steps to ensure your Azure backup works when you need it | CSO Online
- What is the cost of a data breach? | CSO Online
- e
- Ransomware Gaining Momentum | Advanced Persistent Security
- Intro to Malware Dynamic Analysis: Part 5 | Advanced Persistent Security
- Intro to Malware Dynamic Analysis: Part 4 | Advanced Persistent Security
- Intro to Malware Dynamic Analysis: Part 3 | Advanced Persistent Security
- Intro to Malware Dynamic Analysis: Part 2 | Advanced Persistent Security
- Intro to Malware Dynamic Analysis: Part 1 | Advanced Persistent Security
- Researchers Discover Vulnerable SCADA Product & Responsive SCADA Vendor – RBS
- Incident Response report 2018 | Securelist
- Robert Penz Blog » Proxmox Container with Debian 10 does not work after upgrade
- Overview of LEAPWORK Web Automating Tool - EvilTester.com
- AWS High Performance Storage – Gabe's Blog
- Google Online Security Blog: How Google adopted BeyondCorp: Part 2 (devices)
- Google Online Security Blog: How Google adopted BeyondCorp
- Three Strategies to Avoid Becoming the Next Capital One
- Azure Guest Users - Risks and Security Considerations
- Verizon White Paper: CISO’s Guide to Cloud SecurityRafeeq Rehman – Personal Blog
- CISO MindMap 2019: What Do InfoSec Professionals Really Do?Rafeeq Rehman – Personal Blog
- What Are the Benefits of Cyber Exercises? - Delta Risk
- Top 10 Uses of Wireshark for Hackers Part II - The Ethical Hacker Network
- Notes on ZFS / Solaris forensics | DiabloHorn
- A Consumer’s Guide to Protecting Important Data From Ransomware
- ZigDiggity - ZigBee Hacking Toolkit
- Securing the Cloud: A Story of Research, Discovery, and Disclosure - Black Hills Information Security
- Getting IT & OT to speak the common language of IIoT vulnerability management
- SMBs focused on improving IT security
- The breach prevention playbook
- Security professionals now think cloud is safer than on-premise
- 8 Ridiculous EULA Clauses You May Have Already Agreed To
- 3 Android Motion Sensor Security Risks and How to Stay Safe
- How to Build a Mind Map in Microsoft Word
- How to Use OneNote for School: 10 Tips for Students and Teachers
- The 11 Best Raspberry Pi Projects for Beginners
- eDiscovery Checklist Manifesto
- Linked: Don’t worry about shadow IT. Shadow IoT is much worse.
- Is USB blocking misguided security? - The Silicon Underground
- Reviews of the NanoVNA: An Ultra Low Cost $50 Vector Network Analyzer
- Cognitive Governance: 5 Principles | TheGRCBlueBook
- Cognitive Governance: The First Pillar of a Cognitive Risk Framework | TheGRCBlueBook
- Five More L&D Books for Learning Professionals
- Performance Evaluations: What Not to Do » Public Libraries Online
- PowerShell: Add All Members of an OU to a Security Group | PeteNetLive
- When Experienced Women Engineers Look for New Jobs, They Prioritize Trust and Growth — The WordPress.com Blog
- DSHR's Blog: Optical Media Durability: Update
- Java mon amour: docker cheat sheets
- Java mon amour: awesome Kubernetes Best Practices videos
- Java mon amour: WebLogic, dramatic reduction of TLS sessions creation by rejectClientInitiatedRenegotiation
- Java 13 articles index-What is new in Java and other tutorials
- SWAPGS: Meltdown may be over, Spectre looms – Marksei
- How to pick the right Azure Exam Certification Path - Thomas Maurer
- Under The Stairs: Many Things Go Well with PowerShell 7 - But Not All!
- Securing Virtual Machines with Azure Bastion - byronpate.com
- Kubernetes Visually - With VMware Octant - The IT Hollow
- Fail2Ban, iptables and config management – The ongoing struggle
- How to Save Money on Azure using Azure Reservations - Thomas Maurer
- Prevent mistakes with Azure Resource Locks - Stuart Moore
- Recession is coming - SysAdmin1138 Expounds
- Creating Multi-Part Ansible Playbook With Variables - NetApp and VMware
- Microsoft: Flash in Browser will be removed end of 2020! | Born's Tech and Windows World
- Windows 7: Free Extended Update Support and usage | Born's Tech and Windows World
- Chris's Wiki :: blog/python/Python3AndCentOS7
- Chris's Wiki :: blog/solaris/ZFSNotUniversal
- Clint Boessen's Blog: Preparing Exchange Topology - PrepareAD, PrepareSchema, PrepareDomain etc
- Apache – Hosting multiple SSL/HTTPS PHP Laravel sites using Single IP – CentOS 7 | geekdudes
- PowerShell - Executing code at specific times - LazyWinAdmin
- PowerShell Productivity Hacks: How I use Get-Command – Mike F Robbins
- 802.11 bad signal diagnostics (Ubiquiti) | Nelson's log
- 802.11ac, 802.11ax, and friends | Nelson's log
- Open-Sourcing the CoreNIC Firmware - Netronome
- Monitoring Home Power Consumption for less than $25 – blog.kroy.io
- Fully embracing Docker – blog.kroy.io
- Get full control of Windows Update | >_
- How to Build an IIS SMTP Relay Server [Tutorial]
- PowerShell Import-Csv and Export-Csv: The CSV Whisperers
- Marketing: The Most Important Skill Engineers Think They Don't Need
- How to Turn your Script into a PowerShell GUI (WPF)
- An application-focused backup inventory - Architecting IT
- The Expanding Storage Hierarchy - Architecting IT
- Battle of the Virtual Routers – blog.kroy.io
- Building a ZFS on Linux Fileserver – blog.kroy.io
- The ZFS walk-of-shame with Seagate and OmniOS CE. – blog.kroy.io
- Virtualization The Future: Old Way vs New Way to Run Docker Commands - Part 7
- Virtualization The Future: Docker Containers Truly Isolated With Proof!!!!! - Part 6
- Virtualization The Future: Docker Commands - Part 5
- Virtualization The Future: Docker Installation on Windows Operating System - Part 4
- Virtualization The Future: What is Container? - Part 3
- Virtualization The Future: What is Docker? - Part 2
- Virtualization The Future: Why One Should Use Docker? - Part 1
- 28 facts about Linux for its 28th birthday
- Announcing Oracle Solaris 11.4 SRU12 | Oracle Solaris Blog
- Optimize Storage Cost with Reduced Pricing for Amazon EFS Infrequent Access | AWS News Blog
- A project manager's guide to Ansible | Opensource.com
- HealthyPi v4 open source, wireless, wearable for human vital signs monitoring - Geeky Gadgets
- Global reinsurance experts urge investment in open-source risk models
- 1. Invest in open-source models that provide a long-term view of climate risk and link to insurance solutions.
2. Joined-up policy-making to put climate-risk models at the heart of national adaptation strategies.
3. Develop consistent climate adaptation regulation and standards across countries.
4. Foster insurance innovations that can respond to a changing climate risk landscape.
5. Strengthen dialogue between insurers and policy-makers around Build Back Better.
6. Converge insurance, humanitarian and development agendas.
7. Promote and invest in risk literacy throughout society
- Securing DSC resources for VMware | Adventures in a Virtual World
- Wear Estimation for Devices with eMMC Flash Memory
- First Python Program | Janusworx
- Jupyter Notebook for Beginners Tutorial — Dataquest
- RHELvolution 2: A brief history of Red Hat Enterprise Linux releases from RHEL 6 to today
- Django Optimization: Or how we avoided memory mishaps | Codementor
- stylesheet for nmap output
- nmap -sC -sV -oA toots toots.dgplug.org --stylesheet nmap-bootstrap.xsl
- The continuing rise of Kubernetes analysed: Security struggles and lifecycle learnings - Cloud Tech News
- CommonHealth Will Enable Android™ Phone Users to Access and Share their Electronic Health Record Data with Trusted Apps and Partners | BioSpace
- CommonHealth
- 7 tips for sysadmins to improve communication skills | Enable Sysadmin
- Introducing Glean — Telemetry for humans - Georg Fritzsche - Medium
- Rotating Images in ReportLab - The Mouse Vs. The Python
- How to use the LXD Proxy Device to map ports between the host and the containers – Mi blog lah!
- Council Post: Open Source Is Poised To Have A Greater Impact On Security
- Test & Code - Python Testing & Development 86: Teaching testing best practices with 4 testing maxims - Josh Peak
- Nping and Nmap arp scan – Linux Hint
- A Cyber Command Operational Update: Clarifying the June 2019 Iran Operation - Lawfare
- A Comprehensive Intro to Darktable: A Free Lightroom Alternative
- Draw.io is a free Flowchart and diagram creation software for Windows, Linux, macOS and your browser - gHacks Tech News
- Most common custom SSH Configurations of the OpenSSH Server - LinuxConfig.org
- ESXI 6.7 update: No space left on device | eknori.de
- The newest patching surprises - and how to fix some of them
- Benchmark Linux systems: Install Sysbench tool - LinuxTechLab
- Essential System Tools: hyperfine - command-line benchmarking tool - LinuxLinks
- DNS configuration with Ansible | Enable Sysadmin
- Thousands Of Linux Servers Infected By Lilu (Lilocked) Ransomware
- Configure DNS over TLS on Linux Mint to Protect DNS Privacy
- Put A TimeStamp on Bash History | UITS Linux Team
- HISTTIMEFORMAT="%d/%m/%y %T "
- Memory Ballooning
- VirtScreen on openSUSE | Turn a Tablet into a Second Monitor – CubicleNate's Techpad
- Connect to Wi-Fi From Terminal on Ubuntu 18.04/19.04 with WPA Supplicant - LinuxBabe
- Finally, I Can Make Multiboot USB of openSUSE from Ubuntu
- Excellent Free Books to Learn Pascal - LinuxLinks
- Why Spinnaker matters to CI/CD | Opensource.com
- Who-T: Tuhi - an application to support Wacom SmartPad devices
- LDAP Guide Part 4: Schema and Objects — Firstyear's blog-a-log
- LDAP Guide Part 3: Filters — Firstyear's blog-a-log
- LDAP Guide Part 2: Searching — Firstyear's blog-a-log
- LDAP Guide Part 1: Foundations — Firstyear's blog-a-log
- Using ramdisks with Cargo — Firstyear's blog-a-log
- Raspberry Pi 4 and Raspbian: Two months in, here's what I've learned so far | ZDNet
- A Guide to Excel Spreadsheets in Python With openpyxl – Real Python
- Combine Multiple Excel Worksheets Into a Single Pandas Dataframe - Practical Business Python
- 7 years of Django in 7-ish days | tlog
- How to Install Windows 3.1 in DOSBox, Set Up Drivers, and Play 16-bit Games
- 7 Best SNMP Monitoring Tools For Linux
- Anatomy of a Linux DNS Lookup – Part V – Two Debug Nightmares – zwischenzugs
- Anatomy of a Linux DNS Lookup – Part IV – zwischenzugs
- Anatomy of a Linux DNS Lookup – Part III – zwischenzugs
- Anatomy of a Linux DNS Lookup – Part II – zwischenzugs
- Anatomy of a Linux DNS Lookup – Part I – zwischenzugs
- Seven God-Like Bash History Shortcuts You Will Actually Use – zwischenzugs
- Nikola - Static Site Generator for your webz
- Boostnote is an easy to use open-source, cross-platform note-taking app in active development
- Using the LXD Kali container image – Mi blog lah!
- Provisioning ESXi with MAAS: An overview | Ubuntu
- Multi-tenancy in MAAS | Ubuntu
- iTWire - Business losses to cyber crime data breaches to exceed US$5 trillion by 2024
- iTWire - Internet Society weighs up the cost to business of cyber security breaches
- Making containers safer [LWN.net]
- Build a monitoring infrastructure for your Jaeger installation - Red Hat Developer
- 20 Excellent Free Books to Learn Perl - LinuxLinks
- A technical comparison between snaps and debs | Ubuntu
- How to Make Your CSO Happy with Your Open Source Components - CPO Magazine
- Corelight’s Brian Dye: Data-Driven Approach, Open Source Tools Key to Building Defensive Cyber Program – GovCon Wire
- How long before SSDs replace nearline disk drives? – Blocks and Files
- Changing the face of computing: UNIX turns 50 - Developer Tech
- Glia Is Making Open Medical Devices, And You Can Help | Hackaday
- A Clinical Grade Libre/Open Source 3D Printed Otoscope
- Thank The NSA For Their Ghidra Software Now Helping Firmware Reverse Engineering - Phoronix
- Western Digital's Long Trip from Open Standards to Open Source Chips
- Six simple money habits that changed my life
- How to Use Budgeting Skills to Improve Your Time Management
- LineageOS: Samsung Galaxy Note 3 | panticz.de
- F-Droid: A security-conscious repository for Free and Open Source Software (FOSS) applications for Android – The Gadgeteer
- Two Researchers Recreate The "Dangerous" OpenAI Text Generator
- Ukranian Employees Connect Nuclear Plant To Internet To Mine Cryptocurrency
- How secure is DNA testing?
- [Howto] Get a Python virtual environment running on RHEL 8 – /home/liquidat
- A dozen ways to learn Python | Opensource.com
- 9 Quick 'mv' Command Practical Examples in Linux
- Exadata Upgrade to OL7 and to Oracle 19c
- Creating a Normalized Vegetation Index Sensor with two LEDs | Underwater Arduino Data Loggers
- CPU Security Mitigation on openSUSE | Tuning it for Your Case – CubicleNate's Techpad
- AD Reading: Windows Server 2019 Active Directory Features – Active Directory Security
- Announcing VMware Tanzu and Project Pacific - CormacHogan.com
- Get faster GitLab runners with a ramdisk · major.io
- PowerCLI: vMotion Multiple VMs | PeteNetLive
- VMware Converter Slow! | PeteNetLive
- How to Measure Cybersecurity - Lawfare
- VMware Integrated Openstack Federation Guide and SAML2 ADFS Walkthrough
- ZFS: Performance and capacity impact of ashift=9 on 4K sector drives
- VMworld 2019: Top Security Keynotes and Sessions You Should Attend
- Chris's Wiki :: blog/solaris/ZFS4KDiskWithAshift9
- ashift=12
- Add machine to Nagios using Ansible | geekdudes
- How To Monitor SSD Health Status on VMware ESXi Host | KC's Blog
- HOWTO: Find NAV user running long SQL queries – Please Work
- Divorce dispute leads to accusation of crime in space
- Battle of the Virtual Routers
- FDA to trial innovative computer-assisted heart surgeries this fall
- How to use StarWind VSAN As a Resilient and Highly Available Shared Storage | ESX Virtualization
- Z-Wave best hubs: Ring, SmartThings, Aeotec and more - 9to5Toys
- How to Write Better Scripts with PowerShell Modules
- Mastercard: Data leak larger than feared | Born's Tech and Windows World
- Robocopy: The Ultimate Guide
- Migrating a Ubiquiti Unifi Controller to run on a Raspberry Pi for Pennies - Doug Rathbone
- Demystifying Active Directory and LDAP Filters in PowerShell
- Report: The new .NET updates break Veritas Backup Exec @ AskWoody
- Useful Linux commands for an Oracle DBA - Blog dbi services
- Dissecting 190716 BP, PSU, RU and RUR - DBA - Rodrigo Jorge - Oracle Tips and Guides
- Humair's Blogs » Blog Archive » Second VMware Press Book Published – My Thoughts and Tips
- Unbuntu, Android Studio and Emulated Google ChromeOS – Michelle Laverick…
- LXD with OpenvSwitch network | panticz.de
- Install: tinyproxy | panticz.de
- How To Find USB Device Bandwidth Usage On Linux - OSTechNix
- Six practical use cases for Nmap | Enable Sysadmin
- Hubstaff - Work Time Tracking Software for Productive Teams
- Share Your Keyboard and Mouse Between Linux and Raspberry Pi - It's FOSS
- Which financial advice should you trust?
- Maximizing Retirement Time: Being Flexible in Both Work Income and Spending — My Money Blog
- Birmingham Digital & DevOps Meetup : August 2019 | The ORACLE-BASE Blog
- The Difference Between Data, Information, and Intelligence | Daniel Miessler
- How to Setup SSH Passwordless Login in Debian 10
- A compendium of container escapes - Help Net Security
- How To Set up Automatic Security Update (Unattended Upgrades) on Debian/Ubuntu? | 2daygeek.com
- KVM: Windows 7 VM | panticz.de
- PyFunnels: Data Normalization for InfoSec Workflows - Black Hills Information Security
- Apache Software Foundation's Code-Base Valued At $20 Billion USD - Phoronix
- Patchday Windows 10 Updates (August 13, 2019) | Born's Tech and Windows World
- Patchday: Updates for Windows 7/8.1/Server (August 13, 2019) | Born's Tech and Windows World
- Microsoft Security Update Summary (August 13, 2019) | Born's Tech and Windows World
- Chris's Wiki :: blog/linux/OOMKillerWhen
- Chris's Wiki :: blog/linux/NoMemoryButNoOOM
- How To Create a Menu Selection Script in Powershell - Daniel Engberg
- The lifecycle of infrastructure at a standard-pattern cloudy startup - SysAdmin1138 Expounds
- Replication considerations for Domain Controllers running on VMware vSphere - The things that are better left unspoken
- Windows: Critical Patches (CVE-2019-1181/CVE-2019-1182) August 13, 2019 | Born's Tech and Windows World
- CVE-2019-1181 CVE-2019-1182
- Running Your Own Encrypted DNS Server for Fun and Profit | badllama.com
- August 2019 Security patches: It’s a biiiiiiiiig month @ AskWoody
- "Now is the best time I've ever seen to get into LegalTech" - Legal IT Today | DennisKennedy.Blog
- Black Hat 2019: 3 cybersecurity concerns and 3 things that give hope | CSO Online
- 3 ways security is improving
While there is a lot of work ahead, all is not doom and gloom. Here are a few positive observations from Black Hat 2019:
Application security is getting the attention it deserves. Agile development, DevOps, and cloud computing have finally forced the industry to confront a historical weakness – for the past 20 years or so, we’ve tended to bolt security on rather than bake it in. I’m seeing profound changes here, with security moving rapidly into the CI/CD pipeline. It’s still early, and application development is moving much faster than security knowledge, but at least we are heading in the right direction.
The industry is making progress on security operations automation. Security operations has long suffered from too many point tools, a reliance on manual processes, and a shortage of skilled personnel. To address these problems, many CISOs have slowly moved beyond the basics of security operations automation. For example, there is a trend toward continuous red teaming combined with automated remediation actions. I even talked to one CISO who hired an “automation person” who had no security skills. His job is to work with the security operations team to discover and automate manual processes. I’m encouraged by stories like these that I heard at Black Hat.
The MITRE ATT&CK Framework (MAF) has gained a lot of traction. For all the talk about artificial intelligence (AI) and machine learning technologies, the MITRE ATT&CK Framework is becoming ubiquitous in the enterprise. This can be extremely beneficial, as it forces security professionals to think in terms of pervasive attacks and kill chains rather than individual events.
- Safe travels: 7 best practices for protecting data at border crossings | CSO Online
- Securing Your Multi-Cloud Strategy | CSO Online
- Gartner estimates that Shadow IT comprises 30 to 40 percent of IT spending in large enterprises.
- 12 things every computer security pro should know | CSO Online
- 1. Your opponents’ motives
2. Types of malware
3. Root cause exploits
- Why It’s Time to Update Your Endpoint Security Approach - Delta Risk
- Example of modelling an application flow as a diagram for Software Testing - EvilTester.com
- IT Governance’s 2019 Cyber Resilience Report reveals major data protection weaknesses - IT Governance Blog
- 43% of organisations don’t have a formal information security management programme.
33% of organisations don’t have documents that state how they plan to protect their physical and information assets.
30% haven’t implemented identity and access controls.
- Meet Bluetana, the Scourge of Pump Skimmers — Krebs on Security
- A Roadmap for Lawyers With Cybersecurity Paralysis | SENSEI ENTERPRISES, INC.
- Fayetteville Tech Lawsuit to Require Digital Forensics | SENSEI ENTERPRISES, INC.
- SSLH - Share A Same Port For HTTPS And SSH - OSTechNix
- Using WebThings Gateway notifications as a warning system for your home - Mozilla Hacks - the Web developer blog
- YouTube download and convert to mp3 | panticz.de
- Geeking outside the office | Enable Sysadmin
- Cooling The Raspberry Pi 4 With The Fan SHIM & FLIRC For Better Performance - Phoronix
- Top 9 Django Concepts - Part 1: 4 Mins | Codementor
- Teaching cybersecurity in an open classroom | Opensource.com
- Excellent Free Books to Learn X86 Assembly - LinuxLinks
- A comprehensive guide to agile project management | Opensource.com
- Top 20 Best Plotting Tools for Linux for Creating Scientific Graphs
- Reinventing Your Own STP Wheel... « ipSpace.net blog
- How Hexdump works | Opensource.com
- Database Migration from non-CDB to PDB – Migration with Data Pump
- Introducing vSphere Cloud Native Storage (CNS) - CormacHogan.com
- VMware vSphere 6.7 U3 Announced - What's New? | ESX Virtualization
- Runecast Analyzer makes hardware checking against the VMware HCL easy - ivobeerens.nl
- Operational Debt the lead weight around IT’s neck – Virtual Me
- Automating an Azure Lab Setup with PowerShell [Demo]
- Getting Started with Terraform on Windows (Demo Walkthrough)
- The Underused Power of the Microsoft Graph API with PowerShell
- Fundamentals: Study Them for Long-Term Trading Gains – Business Ideas
- 1. Buy the Rumor, Sell the News
This is a phrase that every forex trader has heard at some point. However, if you think about it, you’ll see that often the markets behave in ways the policymakers least expect. And when there is a big disconnect between expectation and outcome, you can gain an edge with your contrarian opinion.
2. Look at the Longer-Term Trends
The fundamentals often hit the headlines for the wrong reasons. For example, a recent US jobs report just made big headlines. If you read that news release without considering the larger context, you might think that the US economy had just tanked. However, the long-term trends will give you better insights.
3. Everything Is Interrelated
In short, what happens in Asia affects Europe, the US, and other markets. Therefore, fundamental analysis can help you to anticipate what’s coming next. For example, when the Chinese stock markets take a tumble, US stocks take a hit as well.
- Portfolio Charts Tool Tests Flexible Withdrawals in Retirement — My Money Blog
- Biggest Bang For Your Buck States, 2019 | Tax Foundation
- Azure VMs with Oracle- Next Steps
- The Ten Rules of Database Administration
- With that said, I’m going to list my Ten Rules of Database Administration.
Fixing a performance problem with hardware is the best way to guarantee the return of the problem in the near future.
A Database Administrator is only as good as their last backup, (or database image, clone, flashback and other redundancy.) It’s the only protection from ID10T errors- our own and others.
The best performing database is one that has no users. The best performing query is one that doesn’t have to be executed.
Optimize what annoys the user vs. what annoys you and you’ll never have to worry about your job.
Never assume, always research and double-check/triple-check your findings. Data is the savior of the DBA.
Performance issues are rarely simple. If they were simple, the user could fix them and we’d be out of a job.
If a database is up and running, then something has changed. Don’t ever accept the answer that nothing’s changed. They’d have to be using paper and pen instead of the database.
A developer’s goal is to have an application or procedure complete requirements. Your job is to make sure the code they produce does so without risk to data, database and does so efficiently.
You can’t do your job as well as you can if you understand what the application developer, user and business does.
The database is always guilty until proven innocent and by the way, you only have access to 1/2 the case evidence. You’re it’s attorney- Congratulations.
- The Morning After: The mystery of Virginia's TV Man
- Scientists have even found microplastics in the Arctic
- Hacking 4G hotspots – when did you last update? – Naked Security
- GDPR privacy can be defeated using right of access requests – Naked Security
- FileZilla fixes show how far we’ve come since Heartbleed – Naked Security
- ‘Urgent/11’ flaws affect 200 million devices – from routers to elevators – Naked Security
- How to protect your OT Assets from Cyber Threats & Cyber Risks
- How To Discover and Protect Your OT Assets
- New Capabilities to Automatically Discover and Assess Rogue Assets
- Oracle Critical Patch Update for July Contains 265 Fixes
- Cybersecurity as a Public Service: 3 Ways Local Governments Can Change the Conversation - Blog | Tenable®
- Include cybersecurity as a key element of public safety. The cybersecurity budget line item in state government is less than 3 percent of the total IT budget, according to a 2018 study by the National Association of State Chief Information Officers (NASCIO); anecdotally, we hear that the local cybersecurity budget is often even less. Public safety is a much larger component of local budgets, in part because the public can see where their tax dollars are going in the form of more police officers and firefighters. Yet, cybersecurity is essential to keeping increasingtly internet-facing critical infrastructure safe and secure. It is a true statement that “cyber tools don’t rescue cats from trees,” so it is unlikely that they will ever be valued as highly by local taxpayers. But what if we spoke of cybersecurity in the language of public safety? For example, framing predictive prioritization of cyber vulnerabilities as an essential public safety measure — much like local governments justify the spending on tools like CompStat for law enforcement or SeeClickFix systems for community alerts — would demonstrate that public funds are being used as efficiently as those used to address violent crime and quality-of-life needs.
Make cybersecurity a community campaign. If public services go down then everybody suffers, especially the most vulnerable in society. Homebound seniors may see interruption in their remote medical devices if power is lost. Low-income residents may not be able to get to work if public transportation is interrupted. And a loss of public safety communications, such as 911 service, can lead to loss of life. All of these scenarios are acutely felt at the local level and will certainly affect a large segment of the population. Avoiding these interruptions is thus a community responsibility and can be used as justification to rally support for public campaigns to improve cyber hygiene and increase awareness of cyber threats.
Utilize cybersecurity curriculum in K-12 education in to shrink the digital divide. Internet of Things (IoT) and web-based applications to streamline service delivery are showing great promise but they also have the potential to widen the digital divide. Cities are making broadband access available to larger segments of residents but it may not be utilized equally by all. Promoting cybersecurity skills and tools in K-12 education can help close this divide by making cyber careers more accessible to a larger swath of the community, breaking down barriers of entry to IT careers and affecting multiple generations, as students instruct their parents and other family members on the importance of cybersecurity and the value of digital transformation.
- Cyber Exposure: Taking a Holistic Approach to Vulnerability Management
-
Where are we exposed?
How should we prioritize based on risk?
How are we reducing exposure over time?
How do we compare to our peers?
- 6 Security Considerations for Wrangling IoT
- 1. Team mindset: For security to become a priority, it helps to have an entire team that is invested in security. This includes everyone from the CEO and website manager to the developer. When teams and priorities are aligned, budgets and actions are built into short- and long-term goals.
2. Standardization: IoT industry standardization is needed across the board — much like the standards for browsers and websites in the early days of the Internet. Web browsers and websites have evolved a lot over the years, and we are very much in the early stages of IoT.
3. Secure the supply chain: We must hold vendors accountable, but it's not just about the device itself — supply chain partners are numerous. As we saw with Google Home Nest cameras, third-party service providers were part of the problem that allowed old owners of cameras to spy on new owners.
4. Consumer education: If more people are educated on what could go wrong, they will be more security conscious. If they're aware of vulnerabilities and issues, they can help prevent attacks. For example, as we saw with the Nest vulnerability, they can make sure their devices are set to factory settings and check for updates to systems on a frequent basis. Educating kids at an early age can also go a long way, just like they're told to not open the door to strangers. In our modern age, "safety" is still the issue, but the risks have changed. The simple task of installing an application off the Web itself can become the weakest link.
5. Secure applications that support IoT devices: We must ensure that the code and software we build for IoT is continually tested for vulnerabilities. For instance, we can pre-emptively change default passwords of devices, and also manage the patch level of the kernel software on devices to prevent exploitation of new vulnerabilities.
6. Multilayered network security: Many things can be done at the enterprise network level. Segmentation of networks can ensure that hacked IoT devices can't affect other areas of networks. Perimeter security can help ensure hackers can't see networks in the first place. Companies should also limit the ability of IoT devices to initiate network connections.
- How to Scan Websites for Interesting Directories & Files with Gobuster « Null Byte :: WonderHowTo
- The 15 Most Popular Talks from DEFCON's Hacking Conferences « Null Byte :: WonderHowTo
- How to Load Kali Linux on the Raspberry Pi 4 for the Ultimate Miniature Hacking Station « Null Byte :: WonderHowTo
- How to Set Up Network Implants with a Cheap SBC (Single-Board Computer) « Null Byte :: WonderHowTo
- 80/20 Cyber Security, Part 2—The 3 Most Critical Controls | Pivot Point Security
- 80/20 Cyber Security—How to Reduce 80% of Your Cyber Risk with 20% of the Effort | Pivot Point Security
- How to avoid and protect against medical identity theft
- Here are some things you can do right now to protect yourself against medical identity theft.
Use a VPN service
Delete receipts and prescriptions
Stop sharing everything on social media
Stop sharing your medical insurance
Pay as much attention to the security of your medical information as your SSN
Keep an eye on your credit report.
Keep your eyes open for any suspect correspondence
Start talking regularly with insurance providers.
- How to get the Organization Units (OU) and Hosts from Microsoft Active Directory using Python ldap3 | Alexander V. Leonov
- Patching or reimaging your ODA? - Blog dbi services
- Your DSLR Camera Can Be Prone To Ransomware; Here’s How
- Staffing the CISO office: A call to senior management for some expansive thinking | CSO Online
- Top 10 Python Web Frameworks – Linux Hint
- Built to scale: 5 tips for structuring your security organization for growth | CSO Online
- 87th Annual Meeting: June 28-July 1, 2019 in Honolulu - usmayors.org
- 4 signs the CISO-board relationship is broken (and 3 ways to fix it) | CSO Online
- Smishing and vishing: How these cyber attacks work and how to prevent them | CSO Online
- Black Hat keynote: Why security culture needs to change | CSO Online
- 11 new state privacy and security laws explained: Is your business ready? | CSO Online
- How Nyotron Paranoid puts endpoint security worries to rest | CSO Online
- Looking for answers at Black Hat: 5 important cybersecurity issues | CSO Online
- Network security platforms
Endpoint security consolidation?
Managed detection and response – it’s all about the people
Serverless security – the new frontier
Security analytics innovation and confusion
- Top cyber security certifications: Who they're for, what they cost, and which you need | CSO Online
- How JustEat finds and trains in-house security talent | CSO Online
- 3 Steps to Deploying a Hardened OS by Tailoring | CSO Online
- 6 lessons from Venmo’s lax approach to API security | CSO Online
- What is a CASB? What you need to know before you buy | CSO Online
- 11 top DEF CON and Black Hat talks of all time | CSO Online
- Equifax’s data breach disaster: Will it change executive attitudes toward security? | CSO Online
- 31 hardware and firmware vulnerabilities: A guide to the threats | CSO Online
- Learning the Vulnerability Management Fundamentals
- Here are six discovery questions to ask as a starting point:
Where are your business offices and network infrastructure sites, including failover and backup sites, located?
What are the key web applications, operating systems, software packages and databases supported by the IT organization?
What types of assets (IT/OT, physical, software, mobile, development) are used by the company?
Do you have an asset management tool or a database of all assets owned by the organization?
Do you use an asset and data classification policy to enforce security and access controls?
Which assets, applications and data are considered critical for the organization?
- 15 Cybersecurity Fundamentals for Water and Wastewater Utilities | WaterISAC
- The 15 fundamentals are:
Perform Asset Inventories
Assess Risks
Minimize Control System Exposure
Enforce User Access Controls
Safeguard from Unauthorized Physical Access
Install Independent Cyber-Physical Safety Systems
Embrace Vulnerability Management
Create a Cybersecurity Culture
Develop and Enforce Cybersecurity Policies and Procedures
Implement Threat Detection and Monitoring
Plan for Incidents, Emergencies, and Disasters
Tackle Insider Threats
Secure the Supply Chain
Address All Smart Devices (IoT, IIoT, Mobile, etc.)
Participate in Information Sharing and Collaboration Communities
- Protect against BlueKeep
- 5 essential controls to include in your cyber security checklist - IT Governance Blog
- How to recover from a cyber attack - IT Governance Blog
- How to make sure your cyber insurance policy pays out - IT Governance Blog
- How to Get on the Dark Web: A Step-by-Step Guide
- SECURITY ALERT: GermanWiper Ransomware Erases Your Data Even If You Pay
- How to search effectively and efficiently – Part I: basic principles, tips and tricks for OSINT – We are OSINTCurio.us
- ISO 27001 Certification Proven Process Explained! Step 8: Maintenance, Continuous Improvement and Recertification | Pivot Point Security
- ISO 27001 Certification Proven Process Explained! Step 7: Certify Your ISMS | Pivot Point Security
- ISO 27001 Certification Proven Process Explained! Step 6: Conduct an Internal Audit | Pivot Point Security
- ISO 27001 Certification Proven Process Explained! Step 5: Execute the Risk Treatment Plan | Pivot Point Security
- ISO 27001 Certification Proven Process Explained! Step 4: Build a Risk Treatment Plan | Pivot Point Security
- ISO 27001 Certification Proven Process Explained! Step 3: Identify and Analyze Information Related Risk | Pivot Point Security
- ISO 27001 Certification Proven Process Explained! Step 2: Understand Your InfoSec Controls | Pivot Point Security
- ISO 27001 Certification Proven Process Explained! Step 1: Understand Your Scope | Pivot Point Security
- 4 Reasons to Establish and Exercise Your Right to Audit Vendors | Pivot Point Security
- 3 “First To-Dos” after You Complete Your Privacy Data Mapping Exercise | Pivot Point Security
- CHIME, AHIMA push Senate on national patient identifier
- US State Comprehensive Privacy Law Comparison
- Hospital executives and HHS at odds on protecting patient data
- Google Online Security Blog: Understanding why phishing attacks are so effective and how to mitigate them
- MalConfScan with Cuckoo: Plugin to Automatically Extract Malware Configuration - JPCERT/CC Eyes | JPCERT Coordination Center official Blog
- Extract Malware Configuration with MalConfScan - JPCERT/CC Eyes | JPCERT Coordination Center official Blog
- Top Three Cross-Site Scripting Attacks You Need to Know Now
- Eight Steps to Migrate Your SIEM
- What Call Center Fraud Can Teach Us about Insider Threats
- Best Practices for Remote Workers’ Endpoint Security
- Security Operations Center (SOC): Prioritizing Log SourcesRafeeq Rehman – Personal Blog
- NBlog - the NoticeBored blog: NBlog July 20 - what is the ISMS for?
- Build Your Own Multi-Cloud Security Monitoring in 30 Minutes or Less
- A New Approach to Application Security Testing - ShiftLeft Blog
- Hacker Summer Camp 2019: What I'm Bringing & Protecting Yourself · System Overlord
- Automated ESXi Installation to USB using Kickstart
- Intro to Hardware Hacking - Dumping your First Firmware
- Top 10 Uses of Wireshark for Hackers Part I - The Ethical Hacker Network
- Manual Vulnerability Detection - The Ethical Hacker Network
- Errata Security: Hacker Jeopardy, Wrong Answers Only Edition
- Errata Security: Securing devices for DEFCON
- PHP: Supported Versions
- Brief History of Internet Wide Scanning
- Healthcare Exchange Standards: IHE Profiles on FHIR R4 now have conformance resources available
- Web con: 'How to Make Yourself Understood by the CISO and CIO'
- VA OIG report shows holes in security, privacy for patient information
- NY gov. signs two new data breach security laws
- InfoSec Women: Leaders and In Charge | CyberWatch
- Rocky Mountain Health IT Summit ~ Cyber Thoughts
- How to Become Hacker, Check you are Eligible or Not
- Infosec's Unfortunate Departure from Spaced Learning | Chris Sanders
- The Story of a Top 10 Insurance Company - Pindrop
- Azure Security Lab: a new space for Azure research and collaboration – Microsoft Security Response Center
- Command Injection Cheatsheet - HackersOnlineClub
- Your Reporting Matters: How to Improve Pen Test Reporting - Black Hills Information Security
- Publicly available Tenable .audit scripts | Alexander V. Leonov
- IBM offers explainable AI toolkit, but it’s open to interpretation | ZDNet
- Check whether laptop is running on battery or cable Using echo, eval
- Assessing Open Source Software for Industrial Use | Automation World
- Black Hat USA 2019 conference Highlights | Packt Hub
- A Fistful of Dongles: The Application Era of Digital Forensics
- Humans Are Genebots | Daniel Miessler
- We Don't Need Patches Why Organizations Don’t Patch
- 8 Ways to Encourage Cyber Security Awareness - Delta Risk
- How Cyber Security Exercises Can Keep You in Shape - Delta Risk
- What’s New in Azure Active Directory for July 2019 - The things that are better left unspoken
- Passed Microsoft Certified: Azure Solutions Architect Expert – UseIT | Roman Levchenko
- almost
- RDP vulnerability puts Hyper-V at risk | Born's Tech and Windows World
- Automating employee onboarding the PowerShell way
- Microsoft has found a way to hurt the partnership between Amazon Web Services and VMware by raising prices for customers using non-Microsoft clouds | Business Insider India
- Open Sourcing the Kubernetes Security Audit - Cloud Native Computing Foundation
- Scrum vs. kanban: Which agile framework is better? | Opensource.com
- Transport Layer Security version 1.3 in Red Hat Enterprise Linux 8
- New Bluetooth 5 Channel Hopping Reverse Engineered For Jamming And Hijacking | Hackaday
- AT&T Employees Took Bribes To Plant Malware On Company's Network | Techdirt
- Windows Kernel Information Disclosure Vulnerability CVE-2019-1125 | Born's Tech and Windows World
- CVE-2019-1125
- SDRTrunk 0.4.0 Alpha 9 Updates Highlighted
- GNU Radio 3.8.0.0 Released – First Minor Release Version in Six Years
- Testing Linux Docker Images in CloudBees CodeShip CI - via @codeship | via @codeship
- AWS Lake Formation – Now Generally Available | AWS News Blog
- Preview Release of the new AWS Tools for PowerShell | AWS News Blog
- Cannot download attachment (due to size) with mobile device on Exchange ActiveSync - The time I've wasted on technology...
- Microsoft is changing the rules of the game - robbeekmans.net
- Creating Isolated Networks with Ubiquiti UniFi · vNinja.net
- Hackers Threaten Medical IoT Devices: Here's How to Keep Them Safe
- What Is an M.2 SSD? The Pros, Cons, and How to Install One
- Where to Buy Ebooks? The Best Online Ebook Stores
- The Best Flowchart Templates for Microsoft Office
- 4 Essential Google Account Settings to Change for Better Security
- 10 Amazingly Useful Spreadsheet Templates to Organize Your Life
- The 9 Best USB Audio Interfaces for Musicians
- The Essential Ebook Converter Guide
- How to Remove the DRM on Every Ebook You Own
- Automate The Freight: When The Freight Is People | Hackaday
- Building A Safe ESP32 Home Energy Monitor | Hackaday
- Jazzberry All-In-One Computer by machineboy - Thingiverse
- Brain-Computer Interfaces: Separating Fact From Fiction On Musk’s Brain Implant Claims | Hackaday
- GitHub - nexusofdoom/lancache-installer
- Java mon amour: Openshift 4, interesting readings
- Java mon amour: OpenShift CI/CD
- Java mon amour: Openshift RedHat plugin for Intellij
- Java mon amour: SAML and JWT
- There Are 2 Times of Year You Should Never Job Hunt
- Free Up Your Hands With Speech-to-Text on Android
- Erman Arslan's Oracle Blog: Weblogic -- Disaster Recovery implementations
- The Hitchhiker's Guide to Ethical AI
- Almost half of employees have access to more data than they need
- Load balancer flaw could lead to major breaches at large organizations
- Ransomware turns its sights on large organizations
- Using Automation vs Making Automation - EtherealMind
- New Teensy 4.0 Blows Away Benchmarks, Implements Self-Recovery, Returns To Smaller Form | Hackaday
- Espionage On Display As GCHQ Hosts A Temporary Exhibit | Hackaday
- A SuperCap UPS | Hackaday
- First Look At DEF CON 27 Official Badge; Kingpin Is Back! | Hackaday
- Chris's Wiki :: blog/linux/IptablesRewriteUsingIpset
- SMEs forced to meet cybersecurity demands in order to win contracts
- The top 11 security threats to cloud computing
- The top 11 in order of significance are:
Data Breaches
Misconfiguration and inadequate change control
Lack of cloud security architecture and strategy
Insufficient identity, credential, access and key management
Account hijacking
Insider threat
Insecure interfaces and APIs
Weak control plane
Metastructure and applistructure failures
Limited cloud usage visibility
Abuse and nefarious use of cloud services
- Biggest ransomware threat is encryption of shared cloud files
- 3 ways IoT will impact our future
- Chris's Wiki :: blog/unix/NoSwapConsequence
- Half of companies won't move mission critical workloads to the cloud
- DIY Embroidery Machine V2 | OpenBuilds
- Build an ESP8266 web server – Code and schematics (NodeMCU) « Dangerous Prototypes
- The 5 Elements of Effective Thinking by Edward B. Burger and Michael Starbird
- Occasionally go back to the basics
Plan to fail
Before getting started, make sure you are asking the right question
- Supercell cloud - Japan Today
- VMworld 2019 - Preflight Checklist - VirtuallyInclined.com
- Monitoring Kubernetes with Wavefront via Proxy Chaining - CormacHogan.com
- How to Create a RAM Disk on Windows Server? | Windows OS Hub
- Sysdig Secure 2.4 Announced - The IT Hollow
- Patch Lady – we have another Spectre/Meltdown @ AskWoody
- The End-All Guide to Repairing Active Directory Trust Relationships
- Finding the last time your domain controller backup happened
- Intro to Black - The Uncompromising Python Code Formatter - The Mouse Vs. The Python
- RV Offsite Backup Update | Linux Journal
- Security scanning your DevOps pipeline | Opensource.com
- Python Celery Guide | Codementor
- How to scan your Docker installment with docker-bench-test - TechRepublic
- France Says Ransomware Attacks on Big Companies Are on the Rise - Bloomberg
- Seven Concerns Open Source Should Worry About - Part 1 | ConsortiumInfo.org
- From Linux to cloud, why Red Hat matters for every enterprise | ZDNet
- Get going with EtherCalc, a web-based alternative to Google Sheets | Opensource.com
- Explainer: What is post-quantum cryptography? - Linux Security - Cryptography
- The Spend Safely in Retirement Strategy
- An Ansible reference guide, CI/CD with Ansible Tower and GitHub, and more news | Opensource.com
- Top 20 Best Cybersecurity Courses That You Can Sign Up Now
- What's your favorite open source BI software? | Opensource.com
- Managing Risk in the Supply Chain
- 8chan owner blasts 'sinister' shutdown - Japan Today
- Google, Money and Censorship in Free Software communities | DanielPocock.com
- Original Cult of the Dead Cow Members Keep it "Wacky, Weird, and Wild" to Celebrate Joseph Menn's Newest Book | Electronic Frontier Foundation
- Top 20 Best Bioinformatics Tools for Linux: An Ultimate Collection
- Manage your passwords with Bitwarden and Podman - Fedora Magazine
- 24 sysadmin job interview questions you should know | Opensource.com
- A new tool for measuring continuous learning | Opensource.com
- Announcing coreboot 4.10 – coreboot
- Linux with a 30-year lifespan | Joinup
- Top 20 Best Raspberry Pi Projects That You Can Start Right Now
- Web server security – Part 0: How to start · InfoSec Handbook – information security blog
- How to Use Binder and Python for Reproducible Research - Erik Marsja
- Excellent Free Books to Learn Java - LinuxLinks
- The Growing Threat of Targeted Ransomware | SecurityWeek.Com
- Assessing-Medical-Device-Cyber-Risks-in-a-Healthcare-Environment.pdf
- Freedombone version 4.0 | Freedombone Blog
- The Definitive Guide to Centralized Logging with Syslog on Linux
- An Open Hardware Rubber Ducky | Hackaday
- Fernando Corbato: Scientist who fostered the digital revolution and the computer password | The Independent
- 3 tools for doing presentations from the command line | Opensource.com
- Top 15 Best Linux Log Viewer & Log file Management Tools
- Preliminary Observations on the Utility of Measuring Cybersecurity - Lawfare
- Excellent Free Books to Learn PHP - LinuxLinks
- Using Metrics to Guide Container Adoption, Part I – Red Hat OpenShift Blog
- U.S. GAO - Cybersecurity: Agencies Need to Fully Establish Risk Management Programs and Address Challenges
- U.S. GAO - Federal Information Security: Agencies and OMB Need to Strengthen Policies and Practices
- Disks and Partitions Management with Windows PowerShell | Windows OS Hub
- Azure Dedicated Host for your Azure VMs - Thomas Maurer
- Three Companies Bringing Innovation to Open Keyboards | FOSS Force
- How to Build PowerShell Functions for Easier Pester Testing
- Vagrant – creating Virtual machine | geekdudes
- How to Setup Travis for Quick Ansible Playbook CI | hobo.house
- NHS: The Long-Term Plan
- German schools ban Microsoft Office 365 because of privacy concerns
- The History Of Computing: The Xerox Alto - krypted
- 65 percent of cybersecurity analysts say they've considered quitting
- Microsoft's web-based Outlook 365 is leaking users' IP addresses in emails
- Businesses still at risk from outdated operating systems
- 66 percent of SMBs don't believe they’re vulnerable to a cyberattack
- Confessions of a paranoid DEC Engineer: Robert Supnik talks about the great Dungeon heist! – Virtually Fun
- Looking inside a 1970s PROM chip that stores data in microscopic fuses « Dangerous Prototypes
- Building a bluetooth DAC with Raspberry Pi Zero W « Dangerous Prototypes
- Quote Details: Bertrand Russell: In all affairs it's... - The Quotations Page
- Watergate Salad: A Fluffy Green Bite Of Washington, D.C.'s Past : The Salt : NPR
- An Introduction to Structured Data at Etsy - Code as Craft
- ESP32 with DHT11/DHT22 Temperature and Humidity Sensor using Arduino IDE | Random Nerd Tutorials
- Getting Started With the ESP8266 and DHT22 Sensor
- Continuous Integration/Continuous Development with FOSS Tools | Linux Journal
- Automated Report Generation with Papermill: Part 2 - Practical Business Python
- Automated Report Generation with Papermill: Part 1 - Practical Business Python
- Three ways automation can help service providers digitally transform
- EPIC - Capitol One Breach Sets Record
- RTL-SDR: Seven Years Later | Hackaday
- Ansible: IT automation for everybody | Enable SysAdmin
- Log management: Helping IT admins to achieve infrastructure-wide visibility
- USENIX ATC 2019: A retargetable system-level DBT hypervisor, an I/O scheduler for LSM KVs, and more | Packt Hub
- Syslog : The Complete System Administrator Guide – devconnected
- What We Can Learn from the Capital One Hack — Krebs on Security
- 5 experimental cybersecurity trends your business needs to know about - TechRepublic
- Buttercup is an open source password manager for Windows, macOS, Linux, - gHacks Tech News
- 6 Challenges In Using Open Source Cybersecurity Tools
- Open Source Licensing and Turkish Law - Lexology
- 85% Of Total Bitcoins On Earth Have Already Been Mined, What's Next?
- AWS Certified Solutions Architect - Associate (2019) | Exam Experience - CHRIS STARK
- Chemical or Mineral Sunscreen? What To Know About Current Sunscreen Research : Shots - Health News : NPR
- What’s new in Java13?
- Java mon amour: No suitable client certificate could be found - continuing without client authentication
- DSHR's Blog: Blockchain briefing for DoD
- DSHR's Blog: Emulation as a Service
- The Life of Kenneth: Building Your Own Bluetooth Speaker
- Retired Certifications and Exams | Certification Policy - vmw-certification-retired-exams.pdf
- IT'S SO HOT OVER HERE. WE'RE MELTING. SEND HELP. - Raspberry Pi
- Performance Analysis Methodology - YouTube
- How to write great container images - Ricard Bejarano
- What is the common wire in electrical wiring? - The Silicon Underground
- What the Shuck is Going on Here?! - briancmoses.com
- SalesForce.Org Study: 40% of Nonprofits Planning To Integrate AI for Marketing | Beth's Blog
- The new 30-person research group in DC investigating how emerging technologies could affect national security - 80,000 Hours
- A Beginner's Guide to AWS CloudWatch (Walkthrough)
- Learn How to Code or Else: An IT Pro Guide
- Using PowerShell to copy to the clipboard (Core support too!)
- Step-by-step guide on how to set up WinRM on a Linux client
- Managing and automating AWS EBS snapshots (PowerShell)
- How to find Active Directory admin accounts authenticated by RODCs
- How to create a Chocolatey package (tutorial)
- Using the Invoke-DscResource cmdlet (no configuration needed)
- Discover Active Directory database size with PowerShell
- Under The Stairs: The End Of My Era
- Azure Security Center: How to Protect Your Datacenter with Next Generation Security | Robert Smit MVP Blog
- Deduplicating NTFS file systems (fsdup) - Philipp's Tech Blog
- When Redundancy Actually Helps - Marc's Blog
- 1. The complexity added by introducing redundancy mustn't cost more availability than it adds.
2. The system must be able to run in degraded mode.
3. The system must reliably detect which of the redundant components are healthy and which are unhealthy.
4.The system must be able to return to fully redundant mode.
- HOWTO: Disable weak protocols, cipher suites and hashing algorithms on Web Application Proxies, AD FS Servers and Windows Servers running Azure AD Connect - The things that are better left unspoken
- Solution for the SMB1 AD Authentication issue – ESXi 6.5U3 update | Techbrainblog
- How To Encrypt Data In Amazon S3
- HOWTO: Disable Unnecessary Services and Scheduled Tasks on Windows Servers running Azure AD Connect - The things that are better left unspoken
- Managing Active Directory Time Synchronization on VMware vSphere - The things that are better left unspoken
- HOWTO Enforce Azure AD Connect to use TLS 1.2 only - The things that are better left unspoken
- Building Azure policies to ensure compliance
- Security and Compliance in Microsoft Teams Video Series - Tom Talks
- Updating List of Trusted Root Certificates in Windows 10/8.1/7 | Windows OS Hub
- How to increase local datastore from the command line (using SSH) for ESXi 6.7.0 – Welcome to my blog
- Writing sustainable Python scripts | Vincent Bernat
- How To Automate NetApp Installations with Ansible
- Microsoft deactivates VBScript in IE as of August 2019 | Born's Tech and Windows World
- Cisco Live – The Minimalist Packing List | Herding Packets
- Conference Packing – The Little Things | The Networking Nerd
- Bond WiFi and Ethernet for easier networking mobility - Fedora Magazine
- Start a new git repository
- 2019 is the year of NVMe - Architecting IT
- Quick tip: uninstall a driver | >_
- Get-WindowsDriver -Online |
Where {$_.Version -eq '10.1.1.40'} | Foreach-Object {
pnputil.exe /delete-driver $_.Driver /force
}
- From the iPhone to Huawei: The New Geopolitics of Technology - Lawfare
- Computing and storage, both of which will increasingly migrate to remote servers (the “cloud”), bringing down the cost and increase the scale of data storage. This could have potential implications for security and communications, especially features such as distributed record-keeping (blockchain) and new developments in data storage.
Telecommunications, specifically the developments of a fifth generation (5G) of infrastructure, which may operate up to 20 times faster than existing systems, with low latency (delay in data communication). This will enable a vast array of applications, including driverless cars and machine-to-machine communications.
Artificial intelligence, specifically machine learning, which involves fast and accurate pattern recognition by feeding vast troves of data to computers in order to “teach” them. This can then be applied to language, visual imagery, and other domains to resemble a form of intelligence.
Automation, including the online integration of physical objects: cyber physical systems (CPS) or the “internet of things” (IoT). Think health monitors, remotely-managed factory robots, or internet-enabled security systems.
Manufacturing, including in materials, optics, sensors, and additive manufacturing (“3D printing”).
Energy, particularly renewable and mobile energy sources and smarter management systems.
- Unlocking Market Forces to Solve Cyber Risk - Lawfare
- Database Migration from non-CDB to PDB - Various Pitfalls
- Version 19.2 is now available – ThatJeffSmith
- Database Migration from non-CDB to PDB - The Patch Level Pitfall
- VMware Snapshots: vRealize Orchestrator SSL Certificates
- I'm going all-in on Serverless at AWS! :-) - WoodITWork.com
- VMware Snapshots: vRealize Orchestrator SSL Certificate
- Virtual Machine Compute Optimizer
- Demystifying IO Operation Readouts in ESXi | Cody Hosterman
- Amplify Framework Update – Quickly Add Machine Learning Capabilities to Your Web and Mobile Apps | AWS News Blog
- Synology Memory Issues and Crashing - The time I've wasted on technology...
- Make Sure Your SQL Servers are Running the Latest CU with the New SQL Assessment cmdlets | SQLvariations: SQL Server, a little PowerShell, maybe some Power BI
- Database Migration from non-CDB to PDB - Typical Plugin Issues and W/A
- Database Migration from non-CDB to PDB - The COMPATIBLE pitfall
- Database Migration from non-CDB to PDB - The Time Zone Pitfall
- Database Migration from non-CDB to PDB - The Component Pitfall
- Oracle Database Proactive Patch 12.1.0.2.190716 failing with ORA-04068 ORA-04061 ORA-04065 - DBA - Rodrigo Jorge - Oracle Tips and Guides
- Programmer Uses "Logic Bomb" To Fool Company Into Rehiring Him Every Few Years
- Soft Skills Every Team Leader Should Have – Business Ideas
- How to Install Kanboard Project Management Software on Debian 10
- 7 Python Machine Learning Modules To Get Acquainted With - krypted
- Top Modern Data Warehouse questions | James Serra's Blog
- Happy Sysadmin day 2019 | Born's Tech and Windows World
- BlueKeep is almost here. If you haven’t installed Win7/XP patches since May, get your systems patched! @ AskWoody
- Bluetooth privacy and the FreeStyle Libre 2 glucose monitoring system | Ctrl blog
- Is AWS passing on the benefits of storage media price reductions? - Architecting IT
- Windows 7: Support ends in 6 months | Born's Tech and Windows World
- Update history of .NET Framework patches | Born's Tech and Windows World
- BlueKeep warning: Exploit might come soon? | Born's Tech and Windows World
- PowerShell Tutorial Mini-Course (Free)
- Create a PowerShell script to monitor SQL services
- An Active Directory user is locked out: don't panic! Use PowerShell
- Hi, I'm Dave and this is how I work
- How to remove Windows 10 apps with PowerShell (tutorial)
- Using WMI in PowerShell the easy way
- AWS X-Ray: Peering into Microservices built in AWS
- Using PowerShell to escape double quotes and all things strings
- Impress the boss with this basic PowerShell Windows Update report
- Building a PowerShell script from existing docs
- Cheat.sh Shows Cheat Sheets On The Command Line Or In Your Code Editor - Linux Uprising Blog
- How to earn a promotion as a sysadmin | Enable SysAdmin
- Top Cloud Compliance Software Tools
- Listen to Music through the Ubuntu Terminal
- Wielding PowerShell with file shares: Getting started
- The Cyberlaw Podcast: Illuminating Supply Chain Security - Lawfare
- The Cyberlaw Podcast: What It’s Like to Live Through a Big Data Breach - Lawfare
- Attorney General William Barr on Encryption Policy - Lawfare
- The Sorry State of Cybersecurity Imagery - Lawfare
- What can we learn from recent ransomware news? | Data Protection: Avamar, NetWorker, Data Domain, RecoverPoint, Power Protect, CSM
- Use PowerShell to test a remote connection (a tutorial)
- Infrastructure testing with Pester: from the trenches
- How to use PowerShell to create scheduled tasks
- Here's how SRPs (Software Restriction Policies) work (tutorial)
- How to import an OVF file in VMware with PowerShell
- The unforeseen benefits of scripting and automation
- How to Transfer File Permissions with PowerShell
- How to check your PowerShell version (all the ways)
- How to check for a pending reboot (automated with PowerShell)
- Frankenstein at 200 - Lawfare
- Hiiro: A Modern Bizen-Yaki Water Carafe | Spoon & Tamago
- Bizen-yaki
- How To Check Swap Usage Size and Utilization in Linux - nixCraft
- How to Speed Up Package Downloads and Updates with apt-fast on Ubuntu
- Setting up a JMeter Cluster for web server load testing
- IT Burnout – The Task List | The Networking Nerd
- How to Use Topgrade to Easily Upgrade Your Linux System - Make Tech Easier
- CISSP Process Guide - Fadi Sodah (madunix) | ThorTeaches CISSP, CISM & CISA
- Sunflower notes - CISSP - Maarten de Frankrijker | ThorTeaches CISSP, CISM & CISA
- The memory palace – Prashant Mohan | ThorTeaches CISSP, CISM & CISA
- SQL Server 2019 availability group R/W connection redirection, routing mesh and load balancing - Blog dbi services
- How to Stay Ahead of the Competition – Running Your Business
- Video : Oracle Linux 8 Installation | The ORACLE-BASE Blog
- Moving your SQL Developer preferences between machines – ThatJeffSmith
- Data in a Flash, Part IV: the Future of Memory Technologies | Linux Journal
- On a Budget: Best Ways to Cut Back on Costs As a Single, Working Mother | Penniless Parenting
- ICND1 & ICND2 » Connect Python to GNS3 for Automation in Win10
- Which Households Spend More, Less, or Exactly What They Earn? Breakdown by Income Level — My Money Blog
- The power of focus: Why you should tackle one goal at a time
- Negotiation Skills You Should Cultivate – Entrepreneurs
- vSphere 6.7 Update 2 Upgrade Guide - VirtuallyInclined.com
- Building a Modern CI/CD Pipeline in the Serverless Era with GitOps | AWS News Blog
- United State's DMARC Status script X-Post /r/Sysadmin : netsec
- Test your Windows Server 2016 configuration with PowerShell
- Bulgarian tax agency breach may have compromised 5 million people
- Build a PowerShell menu that'll blow your users' socks off
- The PowerShell parameter demystified and uncovered
- Backup as a Service - Architecting IT
- On-premises infrastructure - as a service - Architecting IT
- Equifax reportedly close to $700 million data breach settlement
- I Was A 10x Engineer. And I’m Sorry. | The Networking Nerd
- =
- ICND1 & ICND2 » OSPF Sim
- ICND1 & ICND2 » OSPF Neighbor Sim
- Erman Arslan's Oracle Blog: OBIEE -- Strange error & Interesting Solution "You cannot publish to the Apps Library because you do not have write permission on the /Apps folder in catalog."
- Best Practices for Oracle Data Guard on Azure – DBAKevlar
- “Cadillac Tax,” While Likely Repealed, Would Control Health Care Costs
- it would tax $0.40 of every dollar of health insurance benefits over $11,200 for individuals and $30,150 for families. According to Kaiser Family Foundation, in 2018, average annual premiums for individuals were about $7,000, and about $20,000 for families.
- Unison: Your Home Has a ~30% Chance of Being Worth Less in 5 Years — My Money Blog
- Whats a SQL Notebook in Azure Data Studio? | SQL DBA with A Beard
- Don't buy a new car without this cheat sheet!
- 3 Areas to Start Freelancing on the Right Foot: Communication, Invoicing and Learning – Business Ideas
- Learning Docker Image Layers and Cache Best practices – Virtual Me
- Druva – In The Cloud, Of The Cloud, Protecting The Cloud | PenguinPunk.net
- AWS Named as a Leader in Gartner’s Infrastructure as a Service (IaaS) Magic Quadrant for the 9th Consecutive Year | AWS News Blog
- The Four Horsemen of the Appocalypse | Data Protection: Avamar, NetWorker, Data Domain, RecoverPoint, Power Protect, CSM
- Apathy: It doesn’t matter if this application is old, we’ll just let the requirements of the legacy application define what we can or can’t do within the business. I perhaps saw this best when new Windows laptops had to be forcibly downgraded to 32-bit versions because a critical business desktop application was 16-bit and incompatible with 64-bit versions of the OS. This caused a plethora of other challenges, but hey! the 16-bit application kept on ticking.
Procrastination: Let’s leave it another year and see if the problem goes away. (Narrator’s voice: It won’t.) This is the “kicking the can down the road” solution. It’s not quite the same as apathy. Whereas apathy will result in delays on new systems upgrades or functions, procrastination will lead to some upgrade, at some point, being done, and chaos erupts! as the legacy application ceases to be accessible.
Budget: We’d get to this if we have the money. But it’ll cost $X to fix it and we don’t have that money. Meanwhile, flagellate the IT department for having to pay a 30% increase in maintenance fees on end of service life equipment, and ignore the soft costs of people spending endless amounts of time keeping equipment and systems on life-support.
Emulation: Virtualise it and make it go away. More recently, that can also mean containerise it and make it go away. (Maybe the next step will be legacy production applications running in WINE?)
- How to convert an employee handbook to SharePoint library with metadata - SharePoint Maven
- Planning a cloud migration? Get your identity privileges in check first
- Tech Debug » Sunscreen – Does it really help?
- Chris's Wiki :: blog/sysadmin/SwitchesAndPowerGlitch
- Active Directory Administrator ‘Backdoor’ | Born's Tech and Windows World
- The king of dal | Seth's Blog
- LEGO-Based Robot Arm With Motion Planning | Hackaday
- Steganography: The Art of Concealing
- Post Archive - Ohio InfoSec Forum
- Inside the IT industry’s largest commercial open source software ecosystem - Technology, Tech, Red Hat, Open Source, Business, Society - Comms MEA
- Are Open Source Active Path Testing Tools Viable for You? | Insight for the Connected Enterprise
- What Is Open-Source Software? (+The Benefits and Risks)
- ThoughtWorks Releases Taiko - A Free and Open Source Browser Automation Tool
- Swimlane research team open sources pyattack | Swimlane
- Computer password inventor Fernando Corbato dies at 93
- Fernando "Corby" Corbato
- Two Years After WannaCry, NHS Still Not Properly Safeguarded Against New Attacks - Security Boulevard
- Cyberattack shuts down La Porte County government systemsSecurity Affairs
- CVE-2019-1132 Win 0Day used by Buhtrap Group in government attackSecurity Affairs
- CVE-2019-1132
- Executives’ Changing Views on Cybersecurity - Security Boulevard
- Healthcare Needs Cybersecurity Pros that Anticipate What Threat Actors Will Do Next [Q&A with Dr. Rebecca Wynn] - Security Boulevard
- Matrix Medical Network
- Top 10 Best Cyber Security Podcasts of 2019 - Security Boulevard
- Thirty-four years - Building out Disaster Recovery (Part 6)
- Thirty-four years - System Administration, Backups, and Data Centers (Part 5)
- GDPR Bares Its Fangs: €315 Million in Penalties over Just Three Days - Security Boulevard
- Fire Up Your Cyber Security Career with These 9 Job-Related Tips - Hashed Out by The SSL Store™
- Hack the Box (HTB) machines walkthrough series — YPuffy - Security Boulevard
- "Glass-box" Solutions Are Critical For Cybersecurity Reporting To Executive Management - Security Boulevard
- What is Shadow IT? - Security Boulevard
- How Do Your Cyber Exposure Practices Stack Up to Those of Your Peers? - Blog | Tenable®
- Cybersecurity: Malware lingers in SMBs for an average of 800 days before discovery - TechRepublic
- the time between an attack penetrating a network's defenses and being discovered—ranged from 43 to 895 days for SMBs, the report found. The average dwell time for confirmed, persistent malware was 798 days. Dwell time for riskware—including unwanted applications, web trackers, and adware—averaged 869 days.
- Wannacry ransomware attack: Industry experts offer their tips for prevention - TechRepublic
- Zero Day Initiative — The July 2019 Security Update Review
- Cheat-Sheets — Malware Archaeology
- deploying-security-onion-for-monitoring-hids.pdf
- 5 Tips to Create an Effective Information Security Management Committee (ISMC) | Pivot Point Security
- Major Security Risks and Mitigation Strategies for 2019Rafeeq Rehman – Personal Blog
- Rifiuti2 - Windows Recycle Bin Analyser
- Cloud Security Audit - A Command Line Security Audit Tool For Amazon Web Services
- Commando VM v1.3 - The First Full Windows-based Penetration Testing Virtual Machine Distribution
- Install Kubernetes on Windows 10 Professional | geekdudes
- Trial period reset of Visual Studio Community Edition – Dimitri's Wanderings
- Is insurance coverage for cyber claims barred by a war exclusion?
- Automatically Build Kali VM’s in VirtualBox – JerryGamblin.com
- Documentation required by ISO 27001 - IT Governance Blog
- To use ITIL 4 or not use ITIL 4, that is the question - IT Governance Blog
- The GDPR: Preparing your organisation for DSARs - IT Governance Blog
- How to handle a ransomware attack - IT Governance Blog
- How should you investigate a data breach? - IT Governance Blog
- Infosecurity.US - Web Log - Nearly Thirty Percent Of Most Popular VPNs Worldwide Owned By Hidden Chinese Organizations
- ShowMeCon 2019 20 TLSv13 Minor Version Major Changes John Wagnon - YouTube
- How a decentralized cloud model may increase security, privacy | CSO Online
- How to bridge the cyber-risk management gap | CSO Online
- Certain Anesthesia Devices Have Vulnerabilities: Researchers
- Researchers Disclose Vulnerability in Siemens' ICS Software
- An Introduction to API Based Documentation Automating - EvilTester.com
- U.S. Coast Guard Issues Alert After Ship Heading Into Port Of New York Hit By Cyberattack
- Combating WannaCry and Other Ransomware with OpenZFS Snapshots - iXsystems, Inc. - Enterprise Storage & Servers
- The Prehistory of the Computer - krypted
- McAfee Endpoint Security blocks Windows login | Born's Tech and Windows World
- Tomato and Watermelon Salad, Easy, Vegan, Paleo, and Delicious | Penniless Parenting
- Why application security should be a key part of development [Q&A]
- Hyperconvergence Performance Testing | ESX Virtualization
- VMware vRealize – Operations Without Operators | PenguinPunk.net
- Building a Multi Regional Web Application with Azure Front Door - Cloud for the win!
- Performance Hub in Oracle Autonomous Database – ThatJeffSmith
- GIS on Linux with SAGA | Linux Journal
- JSON and XML: How Do They Compare? - via @codeship | via @codeship
- Three key checklists and remedies for trustworthy analysis of online controlled experiments at scale – the morning paper
- Empathy, Applications, User Experience. | Tallan Blog
- Top 10 Tools in My Personal Learning Environment 2019
- The $50,000 an hour gate agent | Seth's Blog
- Java mon amour: Java JSSE SSL flags
- Write a Novel with Open Source Tools » Linux Magazine
- How to be an IT rock star - Cliff Saran’s Enterprise blog
- Preserving Laptop Stickers on MacBooks - Graham Stevens – Grh.am
- SQL SERVER – Security Conversations and Notes with a DBA – it's notes
- Chris's Wiki :: blog/sysadmin/YubikeyMostlyDropped
- The 10 Top GUI Tools for Linux System Administrators
- RHEL 8 enables containers with the tools of software craftsmanship
- Building a computer - part 1
- German data protection organization: use of Office 365 in schools is illegal – Nextcloud
- MTTR is dead, long live CIRT | Opensource.com
- Why virtualize Domain Controllers? - The things that are better left unspoken
- Sizing Domain Controllers correctly on VMware vSphere - The things that are better left unspoken
- Microsoft Putting Patent Traps Inside Linux While Blackmailing Companies Using Patents Associated With These Traps | Techrights
- Customising an ESXi Image Profile
- Azure VM vs Disk vs Costs, Does Size matter ? or a Higher price for better specifications #Azure #Storage #Performance | Robert Smit MVP Blog
- On PASCAL - krypted
- Microsoft Security Update Summary (July 9, 2019) | Born's Tech and Windows World
- What you should measure on your database storage and why - Blog dbi services
- Storage performance benchmarking with FIO - Blog dbi services
- Microsoft surreptitiously adds telemetry functionality to July 2019 Win7 Security-only patch @ AskWoody
- Cloud Services - Build, Buy or Fork? - Architecting IT
- Automating PowerShell Universal Dashboard Installation in Azure
- 4 Reasons Why SOC Superstars Quit
- Vulnerability Found in GE Anesthesia Machines
- Industry Insight: Checking Up on Healthcare Security
- Monroe College Hit with Ransomware Attack
- British Airways faces record £183 million GDPR fine after data breach
- Learn Everything There is to Know about Testing PowerShell Scripts
- The most magnificent thing about Vulnerabilities and who is behind the magic | Alexander V. Leonov
- Marriott Faces $124 Million GDPR Fine in UK
- Microsoft Patches Zero-Day Vulnerabilities Under ...
- 32 Active Directory Scripts to Automate Anything
- 10 tips for reviewing code you don't like - Red Hat Developer Blog
- Happy 20th Birthday SAP Linux Lab! - SUSE Communities
- A Complete History of Computers: From the 1800s to Now
- I’ve Been Reading Books Wrong | levlaz | лев | 列弗
- Steve Jobs Magically Saved Apple By “Casting Spells”: Bill Gates
- Serverless: The Minimilism Mindset - WoodITWork.com
- Assumptions | Oracle Scratchpad
- Yes you can! Submitting an InfoSec CFP | CyberWatch
- Book Review: The Spy in Moscow Station
- Linux for Pentester: git Privilege Escalation
- Croatia government agencies targeted with news SilentTrinity malwareSecurity Affairs
- SilentTrinity
- Chris's Wiki :: blog/linux/SoftwareRaidClearingDiskErrors
- Howto create a Debian 9 preview as Vagrant box with Packer
- DarkScrape - OSINT Tool For Scraping Dark Websites
- Story – Packet Loss and Failing 10Gbps SFP+ Optic
- Raspberry Pi: Combine a Raspberry Pi with up to 4 Raspberry Pi Zeros for less than US$50 with the Cluster HAT - NotebookCheck.net News
- Essential Eight Maturity Model | Cyber.gov.au
- 10 Types of Phishing Attacks and Phishing Scams - Hashed Out by The SSL Store™
- Pi4 not working with some chargers (or why you need two cc resistors) – The blog of Tyler Ward (aka scorpia)
- How to design a proper USB-C™ power sink (hint, not the way Raspberry Pi 4 did it)
- How many kinds of USB-C™ to USB-C™ cables are there? — Benson Leung
- Patch OBIEE the quicker way - with OPatch napply
- How to find expensive, inefficient and long running LDAP queries in Active Directory | Ask Premier Field Engineering (PFE) Platforms
- CERN Computer Security Information
- unclass-faq_dodroot_cert_chaining_issue.pdf
- CISSP 16-week Study Guide, Resources, and Links to Source Documents : cissp
- Study Notes and Theory - A CISSP Study Guide
- 1230_DISAs_Application_Security_and_Development_STIG_How_OWASP_Can_Help_You-Jason_Li.ppt - DISAs_Application_Security_and_Development_STIG_How_OWASP_Can_Help_You-Jason_Li.pdf
- Design and Development of a Web-Based DOD PKI Common Access Card (CAC) Instruction Tool
- Microsoft Word - Section Dividers.doc - 2012pki.pdf
- Passed, Thank You. : cissp
- Remediate Specific Cipher and TLS/SSL Vulnerabilities in Windows | RainingForks Tech Blog
- UK Forensics Firm Paid Ransom in Cyberattack
- Secure Oracle database binaries by updating JDK – Geodata Master
- CPSC 4660
- PowerPoint Presentation - TueAM2_2_CMMI.pdf
- Index of /~grewe
- Ten Strategies of a World-Class Cybersecurity Operations Center - pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf
- Want to Raise Successful Kids? Science Says Do These 5 Things Every Day | Inc.com
- mdctf
- Why Cybersecurity Threats in Medtech are Really Scary | MDDI Online
- Steve Abrahamson
- Common Access Card (CAC)
- CAC Overview
- DoD PKI and KMI Token Protection Profile (Medium Robustmess), Version 3, 22 Mar 2002 - PP_PKIKMI_TKN_MR_V3.0.pdf
- Study resources | ThorTeaches CISSP, CISM & CISA
- Developer Resources
- Medical Device Security: The CISO’s View - HealthcareInfoSecurity
- Jennings Aske
- Securing Remote Desktop (RDP) for System Administrators | Information Security Office
- Dangerous States of Mind – SafeStart
- The Packer, The Windows, and the Vagrant box
- How To Design A Quick Reference Card
- 10. Virtualization with KVM
- CVE security vulnerability database. Security vulnerabilities, exploits, references and more
- Ansible vs. Terraform: Fight! - Linux Academy Blog
- NVD - Data Feeds
- Why Healthcare CIOs Are Embracing the Cloud
- 1. Communication With Patients
2. Collaboration with Physicians
3. Scalability for Growth
4. Data Recovery
5. Research Opportunities
6. Compliance
- Boscloner Next-Gen RFID Testing
- The Purdue model for Industrial control systems - Industrial Cybersecurity
- 2018-Present - dpmilroy
- Ten User
- Pavilion Data Systems Overview | PenguinPunk.net
- VMWare vSphere 5.5 - Showing incorrect information in vSphere Web Client - The time I've wasted on technology...
- Script Compare Server Configurations
- Script Compare DHCP Server Settings with PowerShell DHCP Cmdlets
- VM Become Unresponsive During vMotion. – VMwareMinds
- Microsoft Word - nessus_compliance_checks (2).docx - nessus_compliance_checks.pdf
- 3 Tips for Enterprise Patch Management
- I Feel Stupid Doing This but It Helps When Presenting
- Report: UK's Largest Forensics Firm Pays Ransom to Attacker
- Introducing Kvasir - Cisco Blog
- TIP: List of Undocumented WUAUCLT Command Parameters - System Center Central
- Windows Update WUAUCLT Command Line Switches » Technology & MSG » Blog Archive
- PowerShell script help for Windows Update
- The Skills Needed to Combat Today’s Cybersecurity Threats - Security Boulevard
- Some notes on the Raspberry Pi - Security Boulevard
- Top 30 Security Auditor Interview Questions and Answers for 2019
- The Top 10 Linux Kernel Vulnerabilities You Should Know
- Are We in a Cyberwar? Yes, Say Many IT Security Pros - Security Boulevard
- Employee Attack Likelihood: The Hidden Indicator Nobody Talks About - Security Boulevard
- The 7 Deadly Privileged Accounts You MUST Discover, Manage and Secure - Security Boulevard
- Deriving value from the MITRE ATT&CK Threat Model - Security Boulevard
- Top 4 Things to Tell New Hires About Cybersecurity - Security Boulevard
- A basic question about TCP - Security Boulevard
- Ransomware Attack Encrypts Medical Records at Australian Hospital - Security Boulevard
- OODA and Cybersecurity - Security Boulevard
- Cybersecurity Dashboards That Empower Decision Making
- Ransomware Attacks Becoming are More Widespread, Destructive and Expensive - Security Boulevard
- The Five Most Startling Statistics from this 2019 Global Survey of 1,200 Cybersecurity Pros [Infographic] - Security Boulevard
- Kubernetes Security Best Practices to Protect Your Cloud Containers -
- HCISPP or CISSP? What’s the Difference and Which Is Best for You? - Security Boulevard
- Jeff Man Chats about His NSA Origin Story and the State of Cybersecurity Today - Security Boulevard
- Ransomware forces Michigan medical practice to close shop - Security Boulevard
- Best Practices for Automation in Cyber Security
- NYDFS Implementation Grace Period Marks Strengthening Of Vendor Security - Security Boulevard
- Carbon Black Report Indicates Industries Most Targeted For Cyber Attack - Security Boulevard
- Healthcare Industry Remains Cybersecurity Laggard - Security Boulevard
- Is FedRAMP Criticism Fair?
- Internal Audit and IT: Joining the Same Cybersecurity Team - Security Boulevard
- Cloud Security Myth vs. Fact #1: My Provider Protects My Data - Security Boulevard
- Security that Doesn’t Slow You Down - Security Boulevard
- GDPR Business Benefits Beyond Just Compliance - Security Boulevard
- Part of the IT Career Energizer podcast - Thomas Maurer
- Load Balance IIS with Microsoft ARR | PeteNetLive
- Lessons in Vendor Lock-in: Google and Huawei | Linux Journal
- Wesng - Windows Exploit Suggester
- Understanding Key Management Policy – Part 2 - Gemalto blog
- Understanding Key Management Policy – Part 1 - Gemalto blog
- RobbinHood Ransomware Demands Grow $10K Per Day after Fourth Day - Security Boulevard
- Trends in Cyber Attacks Over the Last 15 Years by Bill Crowell - Security Boulevard
- Ransom amounts rise 90% in Q1 as Ryuk increases - Security Boulevard
- Why Every Leadership Meeting Should Include a Cybersecurity Update
- PKI: Why it’s as relevant today as it was 10 years ago - Security Boulevard
- Third Party Security Risks to Consider and Manage - Security Boulevard
- Navicent Health Discloses Data Breach as the Result of a Digital Attack - Security Boulevard
- Treating security like safety: What the FDA’s recognition of UL 2900-2-1:2018 means for developers - Security Boulevard
- 5 Minute Guide: The NYDFS 500 Cybersecurity Regulations - Security Boulevard
- Part Two: How Healthcare Cybersecurity Can Enable Innovation
- How Healthcare Cybersecurity Can Enable Innovation
- A Battle-Cry for Oracle EBS Security - Security Boulevard
- Programming languages infosec professionals should learn - Security Boulevard
- Why your development team should care about software compliance - Security Boulevard
- April's Oracle CPU Fixes Critical Bugs Reported by Onapsis - Security Boulevard
- Automating chaos experiments in production – the morning paper
- Tracking Company Jets with ADS-B to Give an Edge to Hedge Fund Investors
- Understanding Elliptic Curve Cryptography And Embedded Security | Hackaday
- Bird Feeder Monitor V2.0: 12 Steps (with Pictures)
- OpenPGP experts targeted by long-feared ‘poisoning’ attack – Naked Security
- Docker Image Security Scanning: What It Can and Can't Do - Security Boulevard
- 50 Best Kubernetes Architecture Tutorials - Threat Stack
- 30,000 organisations have certified to Cyber Essentials - IT Governance Blog
- FreeBSD Enterprise 1 PB Storage | 𝚟𝚎𝚛𝚖𝚊𝚍𝚎𝚗
- China Targeting USG Employees Via Anthem Hack - Security Boulevard
- Why doesn't the next Pi add...? Why doesn't the Pi 4 have...? The definitive debunking! - Raspberry Pi Forums
- Six Myths People Still Believe About GDPR
- Ransomware Takes Weather Channel Live Broadcast Offline - Security Boulevard
- Samba 4.11 Aims To Be Scalable To 100,000+ Users - Phoronix
- My Best Hires had 30% of “The Wrong Stuff” - Security Boulevard
- Think Cybersecurity Insurance Will Save You? Think Again. - Security Boulevard
- ITIL 4 — The main ITSM methodology gets agile and integrated with the most modern business practices - Security Boulevard
- AWS HIPAA Compliance Best Practices Checklist - Threat Stack
- ITIL v3 vs ITIL v4: What changed? | Phoenix TS
- Is The NIST CSF Replacing HIPAA In Healthcare? - Security Boulevard
- Ransomware First Response Guide - What to do in the ‘Oh $#@t’ moment - Security Boulevard
- IT vs. Sales - Turning Cybersecurity Into a Revenue Center - Security Boulevard
- Top 7 Tools and Tips for Improving Your DevOps Pipeline - Security Boulevard
- CyberSeek career path: Cybersecurity architect
- Protecting customer data at contact centers - Security Boulevard
- The CEO's Guide To Understanding Cyber - Security Boulevard
- Welcoming FIPS 140-3 - Security Boulevard
- FIPS 140-3
- 8 security points of vendor lifecycle management - Security Boulevard
- Inventorying vendors. List all your vendors and third parties that access any part of your networks or systems. Although it may be time-consuming, this process will allow you to know ALL the vendors accessing your networks, systems, and applications. This is also vital for the next step in the process, the vendor risk assessment, where you rank the risks associated with that access.
Vendor security assessment. Existing and new vendors should be transparent about their security and remote access practices. It’s important for them to implement best-in-class security that protects your customer data and other sensitive business information.
Vendor contracts. Your vendor contracts should include service level agreements (SLAs) that define the type and level of security the vendor uses enterprise-wide. Also included should be penalties for any outages, breaches, or network misuse.
Access management. Vendor technicians should only have access to the networks, servers, and applications they need to support your business. Ensure that you have the ability to restrict access rights at the system or user level. Look for a vendor privileged access management (VPAM) tool that allows you to schedule access for specific times for attended and unattended access.
Onboarding. Any software that you use to implement VPAM should have full-service onboarding and implementation services included. Some VPAM solutions validate employment status and provide the necessary access while obfuscating the actual network credentials. This is more efficient and user-friendly for the vendor’s staff.
Off-boarding. A VPAM solution should be able to transparently audit and track user activity (or lack of activity). It should also allow you to easily terminate access at the individual level. Your VPAM solution should provide an efficient and secure way for a vendor to de-provision their users that then doesn’t require customer intervention.
Monitoring, audit, and compliance. Your VPAM solution must audit and record sessions so any breach can be discovered early and tracked. This also helps to uncover any vulnerabilities as well as keep you compliant with necessary regulations and standards. Since data security and regulatory compliance are imperative for companies in highly regulated industries, your VPAM solution should produce detailed reports of who has accessed sensitive data at any time.
Usability. Solutions for third-party access should provide multi-factor vendor user authentication and automated user management that is easy to use. The process should be simple and should smoothly integrate into a normal workflow. The more user-friendly the solution, the more likely users will take advantage of it.
- The Public's Interest in Cybersecurity
- 3 things finance professionals need to know about the GDPR - Security Boulevard
- Document archiving
Right of access
Incident response
- Fourth-Party Security: Another Level of Security Management
- How organisations can effectively manage, detect and respond to a data breach? - Security Boulevard
- 8 Patch Management Best Practices to Implement
- #1: Inventory Your Systems
A comprehensive inventory of all software and hardware within your environment is a critical piece of any patch management process. Once you have a clear picture of what you have, you’ll be able to compare the known vulnerabilities to your inventory to quickly discover which patches matter to you.
#2: Assign Risk Levels To Your Systems
Risk levels give you the ability to choose the right priorities. Don’t waste the 18,000 hours spent on patching by applying patches to the wrong systems.
While all systems should be patched, it makes sense to assign risk levels to each item in your inventory. For example, a server in your network that is not accessible from the Internet should not be as high a priority to patch as a laptop used by your sales team. The more exposed to attack an item is, the faster it should be patched.
#3: Consolidate Software Versions (And Software Itself)
The more versions of a piece of software you use, the higher the risk of exposure. It also creates large amounts of administrative overhead. Choose one version of Windows, Linux, or MacOs and keep that version up to date with patches.
Large organizations sometimes buy different software products that perform similar functions. Periodically review all software in use and its purpose. When you find multiple pieces of software performing the same function, choose one and get rid of the rest. Fewer software products mean fewer patches you have to apply.
#4: Keep Up With Vendor Patch Announcements
Using third-party vendors is a common practice. It’s good business sense to use a product to perform a common task and to spend your energy building software that differentiates your business.
Keeping up with vendor patch announcements is key in this heterogeneous environment. Once you have a clear inventory of products, subscribe to all of their security updates through whatever channel patch announcements are made. Monitor each of these by sending them to a specific inbox or Slack channel. Create a process to ensure none fall through cracks so each patch can be added to the patch schedule.
#5: Mitigate Patch Exceptions
Sometimes a patch cannot be applied right away. For example, a Java patch may break an existing business application. Changes need to be made to make the patch work. However, this will take time.
In these situations, mitigate the risk to the extent possible. Lockdown user permissions on the server (which you should do anyway). Don’t leave an unpatched server exposed to the Internet. Figure out how to reduce the impact and likelihood of an exploit until the patch can be applied safely.
#6: Test Patches Before Applying Everywhere
Every environment is unique. A patch could cause problems or even bring down machines with certain configurations. Take a small subset of your systems and apply the patch to them to make sure there are no major problems.
Once a handful of systems check out, begin rolling out the patch to larger and larger groups until the entire company is patched. Patching quickly doesn’t mean applying the patch everywhere at once. Make sure patches don’t fall through the cracks and that a plan is in place to get everything patched in a timely manner.
#7: Apply Application Patches As Quickly As Possible
Applications you build have much more flexibility than operating systems and servers. When security vulnerabilities are found in your custom code, these should be added to the dev team’s backlog and treated with the same importance as vendor patches.
Don’t leave the door open for an attack in your own applications. Quickly fix vulnerabilities and update your software in production.
#8: Automate Open Source Patching
Open source components help dev teams to build software more efficiently. But open source libraries are susceptible to the same vulnerabilities as other software.
- HIPAA Compliance and Cybersecurity: How the Two Work Together - Security Boulevard
- 10 Things You Need to Know About Kerberos - Security Boulevard
- Who actually invented Kerberos and when? Kerberos is a stateless network protocol developed by MIT and considered as licensed for distribution and modification. Kerberos started as part of Athina (another mythology reference!) project in 1979, aimed at protecting MIT computer networks.
What makes Kerberos so special? Kerberos uses secret-key cryptography to provide secure communication over non-secure channels. Essentially, Kerberos is a trusted 3rd party server that issues tickets for users so they can authenticate to systems and services.
Which Kerberos feature made it so valuable for organizations? Although it may seem strange and perhaps somewhat naive, it became valuable because the implementation for Microsoft and Mac devices used DES encryption.
What is a Kerberos ticket, in a nutshell? Kerberos uses tickets to authenticate and grant access. Tickets created by a ticket granting server (TGS) are trusted by authentication server, to a specific service or endpoint requested by an account. Ticket serves as a proof of (your) identity and is always encrypted with a secret key. As long as your Kerberos ticket is valid, you will get access to the system or service.
Is it a pure single-side client server model or can it be used for mutual identity verification ? Yes and yes. It is a mutual handshake where the client and server can verify each other’s identities. They accomplish this by using the encryption of timestamp with joint session key or via challenge/response that was introduced in 2005 to solve associated vulnerabilities.
When did Microsoft officially adopted Kerberos as default authentication protocol? In year 2000: Seven years after MIT released its first Microsoft implementation. Microsoft is now using their own implementation of Kerberos rather than MIT’s original version. Your guess is as good as mine as to what goes into Microsoft’s secret sauce.
What is a “Pass the Ticket” attack? Attackers can use tools such as Mimikatz and Windows Credential Editor to mine Kerberos tickets from compromised user endpoints or from authorization servers. Once the hacker gets a hold of these tickets, they can laterally move around the network to see privileges and harvest information that can help them gain access to critical systems.
What about ‘Golden Ticket’ – is that a VIP pass? Yes – you now can go to the Chocolate Factory! Jokes side: this is called a ‘Golden Ticket’ because you are granted indefinite creation of a Kerberos generating ticket which is usually hard coded to grant access for 10 years by default (modified if you want).
Are encryption keys kept unencrypted in memory during protocol use? Yes, that is a fact. Try not to think about this too much; my grandmother always claims ignorance is bliss.
If Kerberos is supposed to be secure and widely trusted, do I still have to use strong passwords? Passwords are, unfortunately, here to stay as they are used to encrypt the certificates. Failing to use strong passwords will allow for a bruteforce attack.
Ok…for the mega-Kerberos fanatic, lets add a bonus question:
What happens if the Kerberos authentication server is down? The authentication system will be out of service. This is one of the things that makes them so attractive and the reason behind why there are so many in each deployment.
- Cybersecurity KPIs for the SMB
-
Mean Time to Detect: How long did it take us to detect the issue?
Mean Time to Respond: This metric comes from a service management perspective, and assumes someone is alerting you to a problem like an outage – typically not the case for the SMB.
If you’re using a SIEM, some organizations leverage the metrics it can provide (total number of events, total devices being monitored). I have discussed the shortcomings of SIEM for the SMB elsewhere, as well as how we are modernizing SIEM functionality within our MDR process/platform.
Which Configuration Settings have you changed? How many? The policy should dictate one number – how many systems actually reflect your policy (that you spent so much time coming up with) is of interest in assessing the progress in executing on that vision.
Patches per asset per month - shows you the rate at which you’re addressing hygiene issues. Of course, understanding this in the context of patches remaining can help too.
Vulnerabilities identified/remediated per week – ultimately, these vulnerabilities are the source of your problems. By tracking your progress in remediating vulnerabilities, you are demonstrating progress in reducing the risk facing your organization, as there is a risk that any such vulnerability could be exploited.
- St John Ambulance service hit by ransomware attack
- How to Make Your Own Windows PE Rescue Disc (And Keep Your PC Safe)
- The Cost of Ransomware Attacks on Cities - Security Boulevard
- Zeodium pays up to $500,000 for VMware ESXi, Microsoft Hyper-V exploitsSecurity Affairs
- Anubis II - malware and afterlifeSecurity Affairs
- How to get back files encrypted by the Hacked Ransomware for freeSecurity Affairs
- Norsk Hydro estimates losses roughly $41M in first week after cyberattackSecurity Affairs
- 7 tips for preventing ransomware attacks - IT Governance Blog
- The German chemicals giant Bayer hit by a cyber attackSecurity Affairs
- Sodin Ransomware includes exploit for Windows CVE-2018-8453 bugSecurity Affairs
- Thirty-four years - Security and firewalling (Part 4)
- Thirty-four years - The System Office, Novell Directories, and Building a State Backbone (Part 3)
- Thirty-four Years - Networking and Software Development (Part 2)
- Thirty-four Years - Instructor, Machinist, CNC and CAD/CAM (Part 1)
- Dell precision screen upgrade (FHD to UHD) | NotebookReview
- 6GXDN - 4k cable
B173ZAN01.0 - AUO 4k panel
- Siemens Healthineers medical products vulnerable to Windows BlueKeepSecurity Affairs
- Ransomware paralyzed production for at least a week at ASCOSecurity Affairs
- US Government halves deadline for applying critical patches to 15 days – Naked Security
- Health Apps Can Share Your Data Everywhere, New Study Shows - VICE
- Ransomware Forces Two Chemical Companies to Order ‘Hundreds of New Computers’ - VICE
- Rewite http to https – it's notes
- Tracking and Analyzing Remote Desktop Activity Logs in Windows | Windows OS Hub
- Enable Encryption for Microsoft SQL Server Connections
- Docker, Docker-CE, Docker-EE and Moby, which one do I pick? – Marksei
- WSUS: Endpoint decommissioned; SHA2 update required | Born's Tech and Windows World
- PostgreSQL
- VMware begins patching process for Linux SACK vulnerabilities
- Security Teams: What You Need to Know About Vulnerability Response - Blog | Tenable®
- Sodin ransomware exploits Windows vulnerability and processor architecture | Securelist
- CCPA: What health care, biotech and life sciences companies should know now
- Importing VMs to KVM with virt-v2v
- The Pains Of Vulnerability Coordination – And What To Learn From It – RBS
- MIG - Distributed And Real Time Digital Forensics At The Speed Of The Cloud
- Hash-Identifier - Software To Identify The Different Types Of Hashes Used To Encrypt Data And Especially Passwords
- 'Zero Trust' Adds Up to Better Security - HealthcareInfoSecurity
- Adoption of Security Best Practices: A Status Report
- Medical Device Security: The Manufacturer’s View
- Unsupervised Learning: No. 181 | Daniel Miessler
- Top 20 Best Disk and File Encryption Software for Linux in 2019
- Raspberry Pi: Power On / Off A TV Connected Via HDMI-CEC - Linux Uprising Blog
- Functional Programming in Python – Real Python
- Robots.txt is 25 years old — Martijn Koster's Pages
- 5 common mistakes made by beginner python programmers - https://www.pythoncircle.com
- LINUX Unplugged 308: The One About GPU Passthrough
- Getting rid of annoying, repetitive messages in /var/log/messages | Frits Hoogland Weblog
- D-Link agrees to 10-year security assessment to settle FTC lawsuit
- Fix Apple Hardware Problems with Deep Cleaning - TidBITS
- Mellanox: automatic firmware update | panticz.de
- The Command Line In 2004
- Learn how to Record and Replay Linux Terminal Sessions Activity
- Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time - Microsoft Security
- The Forgotten Operating System That Keeps the NYC Subway System Alive - VICE
- How To Buy Hardware That’s Likely to Last - TidBITS
- Learning Docker creating your own base image – Virtual Me
- Learning Docker create your own micro-image – Virtual Me
- Learning Basic Docker Commands – Virtual Me
- US Cyber Command warns of nation-state hackers exploiting Outlook
- AI Could Usher in a New Generation of Catfishing - VICE
- China Is Forcing Tourists to Install Text-Stealing Malware at its Border - VICE
- Why time series databases are exploding in popularity - TechRepublic
- Inspecting Audit Logs with ausearch and aureport | Lisenet.com :: Linux | Security | Networking
- Health Data Breach Tally: A Mid-Year Update - HealthcareInfoSecurity
- Cybersecurity for Gamers 101: Gaming Malware and Online Risks
- Lake City Employee Fired Following Ransom Payment
- Healthy Food Choices For Healthy Teeth | Penniless Parenting
- HOWTO: Disable Unnecessary Services on Web Application Proxies - The things that are better left unspoken
- Five Skills That Help You Lead Remotely
- Be a flexible communicator
Set clear expectations.
Be observant.
Build trust.
Use technology.
- Horizontal leadership | Seth's Blog
- 5 Bootable Windows PE-Based Recovery Discs That'll Save Your System
- Build Your Own Selfie Drone With Computer Vision | Hackaday
- Exploring Basement Humidity With A Raspberry Pi | Hackaday
- FarmBot Unveils New CNC Gardening Robot Models | Hackaday
- Intel and the auto industry pen first safety rules for self-driving cars
- Risk Management - If a Thing is Worth Doing, Its Worth Doing Right | Pivot Point Security
- Veeam Virtual Labs & SureBackup | PeteNetLive
- Senator Warren Says Key FCC Cybersecurity Advisory Council Panders to Industry - VICE
- Your Future Doctor Could Monitor Your Facebook Posts for Disease - VICE
- John Deere's Promotional USB Drive Hijacks Your Keyboard - VICE
- Kentucky Deploying 'Armored' Internet Fiber to Fend Off Hungry Squirrels - VICE
- Thousands of Facebook Users Hit in Malware ...
- What You Need to Know About Vulnerability Management Best Practices - Blog | Tenable®
- KPIs
Scan frequency: How often does your enterprise conduct assessments?
Scan intensity: How many different scans are launched on a given scan day?
Asset authentication: How does your enterprise measure assessment depth?
Asset coverage: What proportion of the licensed assets are scanned in a 90-day period?
Vulnerability coverage: What proportion of total vulnerability plugins are used in a 90-day period?
- Keeping Up With the Patches: A Tour Through Spring 2019 Threat Alerts
- One-fifth of the most-used Docker containers have at least one critical vulnerability | Kenna Security
- Getting 2FA Right in 2019 | Trail of Bits Blog
- Mortgage Payoff Experiment - Pay Off Mortgage Early or Invest? | Mad Fientist
- Virginia updates its revenge porn law to include deepfakes
- Delivering major enhancements in Windows Defender Application Control with the Windows 10 May 2019 Update - Microsoft Security
- “From the Server Room to the Board Room”: The 4 Top Concerns of Security-Aware C-Suites | Pivot Point Security
- 1. Advanced Persistent Threats (APTs). Whether sponsored by nation-states or organized crime, the end goal of APTs is the same: advancing financial advantage and/or a political or social power play. As APTs have ramped up, smaller businesses have come well within their scope. Any adversary can easily find out about your company’s financial status and probable security posture, and target you at will. That is the harsh reality of today’s business landscape.
2.Moving to cloud solutions. Seeking to decisively enhance their security postures to manage the risk of APTs and other threats (among other drivers), more and more clients are asking us: “How do we address security in the context of moving to the cloud? Because we no longer want to buy, maintain and secure all that infrastructure ourselves.” Security and cloud are now part of the same conversation, versus moving to the cloud now and worrying about security later.
3. Finding security leadership. Having moved from the server room to the board room, security is no longer just an IT management issue. Analogous to the roles of the CFO and the General Counsel, today’s CISO must rise to a similar level of responsibility for the organization’s ongoing viability. Further, the move to cloud requires expertise around security architecture, auditing, maintenance, etc. that is different from “traditional” IT security roles. Attracting effective security leaders in these emerging areas given today’s leadership shortage is a major CxO concern.
4.Compliance with privacy mandates. With the emergence of GDPR and CCPA, many of our customers are worried about compliance with privacy regulations. They realize that security and privacy domains are similar in many ways, but privacy brings its own, unique challenges—and now is the time to meet them.
- Thoughts on Two Years of Working from Home - PacketLife.net
- NetBox v1.1.0 Released - PacketLife.net
- Taking the CCIE Lab in RTP - PacketLife.net
- Response to "Certifications Are Not A Big Deal. Stop Being a Princess About It." - MovingPackets.net
- Auditing the SELinux Policy with sesearch | Lisenet.com :: Linux | Security | Networking
- Can Patient Data Be Truly ‘De-Identified’ for Research?
- A Privacy-Driven Security Culture - Security Boulevard
- How to Create Smarter Risk Assessments
- The Truth About Your Software Supply Chain
- New Warning on Ryuk Ransomware
- Retooling for Privacy | Calvin Bui
- Ransomware Hits Georgia Court System
- What to Expect from the Security and Risk Management Market in 2019: Recap from the Gartner Security and Risk Management Summit - Security Boulevard
- Threat Intelligence Best Practices - Security Boulevard
- 10 Data Privacy and Encryption Laws Every Business Needs to Know - Security Boulevard
- amass — Automated Attack Surface Mapping | Daniel Miessler
- The tyranny of small debts, compounded | Seth's Blog
- Boeing’s 737 Max Software Outsourced to $9-an-Hour Engineers - Bloomberg
- Beginner's Guide v2 - The MagPi MagazineThe MagPi Magazine
- Five defence challenges facing Canada
- The 10 Best Calibre Plugins for Ebook Lovers
- Leadership is a practice not a position of authority (Gurteen Knowledge)
- 5 tips to improve your company's IT security
- » Open Hardware: Open-Source MRI Scanners Could Bring Enormous Cost Savings
- Top Web Based Docker Monitoring Tools – Linux Hint
- Top 10 Ethical Hacking Books – Linux Hint
- AMD Releases Firmware Update To Address SEV Vulnerability - Phoronix
- Linux Kodachi 6.1 The Secure OS | Eagle Eye | Nonprofit Organization
- abcde - CD ripping software for the command line - LinuxLinks
- OpenAssessIt Toolkit · GitHub
- To defeat ransomware, we must first diagnose it correctly
- The History of Cellular Network Security Doesn’t Bode Well for 5G | Electronic Frontier Foundation
- Knowledgebase: Azure AD Connect’s Seamless SSO breaks when you disable RC4_HMAC_MD5 - The things that are better left unspoken
- If you want Azure AD Connect’s Seamless Single Sign-on functionality to work, RC4_HMAC_MD5 will need to be available.
- NetApp Ontap 9.6 Simulator Upgrade
- Dijkstra was only partially correct about testing
- This Malware Created By A 14-Yr-Old Is Bricking Thousands Of Devices
- Silex
- Syncing Time within An Active Directory Domain Checklist | KC's Blog
- Find All HP iLOs on your Network | PeteNetLive
- Migrating away from the Ubiquiti EdgeRouter Lite | Logan Marchione
- Installing Docker on Linux – Virtual Me
- Creamy Mushroom and Spinach Pasta - Spoonful of Flavor
- Here’s the Microsoft April Patch Tuesday roundup – Naked Security
- Belgian programmer solves cryptographic puzzle – 15 years too soon! – Naked Security
- Can you get hit by someone else’s ransomware? [VIDEO] – Naked Security
- Serious Security: Ransomware you’ll never find – and how to stop it – Naked Security
- How to recover from a security breach
- How to Obtain Valuable Data from Images Using Exif Extractors « Null Byte :: WonderHowTo
- Don’t break Windows 10 by deleting SID, Microsoft warns – Naked Security
- Top 10 Browser Extensions for Hackers & OSINT Researchers « Null Byte :: WonderHowTo
- 5 principles driving a customer-obsessed identity strategy at Microsoft
- Seth - Perform A MitM Attack And Extract Clear Text Credentials From RDP Connections
- Rdpscan - A Quick Scanner For The CVE-2019-0708 "BlueKeep" Vulnerability
- BackBox Linux 6.0 - Ubuntu-based Linux Distribution Penetration Test and Security Assessment
- MozDef - Mozilla Enterprise Defense Platform
- Vxscan - Comprehensive Scanning Tool
- One-Lin3r v2.0 - Gives You One-Liners That Aids In Penetration Testing Operations, Privilege Escalation And More
- Cryptr - A Simple Shell Utility For Encrypting And Decrypting Files Using OpenSSL
- GDPR and Apache logs, remove last octet of an IP address - Koen Van Impe - vanimpe.eu
- Infosecurity.US - Web Log - New NIST IOT Cyebrsecurity Document Published
- £60 million in recovery costs for Norsk Hydro after refusing ransom demand - IT Governance Blog
- Project iKy - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
- Home Office report reveals susceptibility to accidental data breaches - IT Governance Blog
- Medical debt collection agency files for bankruptcy protection after data breach - IT Governance Blog
- What are the 10 steps to cyber security? - IT Governance Blog
- List of data breaches and cyber attacks in June 2019 – 39.7 million records leaked - IT Governance Blog
- Safeguarding Health Information: Building Assurance through HIPAA Security 2019 | NIST
- Experts: Spy used AI-generated face to connect with targets
- Key Biscayne Hit by Cybersecurity Attack
- Google's next undersea internet cable will link Africa and Europe
- Medical Device Cybersecurity: The Top Challenges
- Second Florida City Pays Up Following Ransomware Attack
- Bill Proposes Easing HIPAA Enforcement Action in Some Cases
- Police Arrest 6 in $28 Million Cryptocurrency Fraud Probe
- TLS certs for internal OTS hardware - DigiNinja
- Finding Free Images | Diary of a Network Geek
- Jony Ive helped make Apple what it is today
- Deploying and Configuring a vCenter Appliance using Terraform
- Jaffar's (Mr RAC) Oracle blog: Oracle Exadata X8 key capabilities summary
- work Agile in a GxP-regulated environment - Blog dbi services
- Replaced my failed gas water heater with a much more efficient Rheem hybrid electric with WiFi, its quiet heat pump is also dehumidying and cooling my basement | TinkerTry IT @ Home
- Health Insurer Reports Data Breach That Began 9 ...
- Could Foster Kids Help Solve the Security Skills ...
- Former Equifax CIO Sentenced to Prison for Insider ...
- How GDPR Teaches Us to Take a Bottom-Up Approach to ...
- Top 8 security mistakes in SAP environments | CSO Online
- Quinoa and Beet Salad with Tahini Dressing Recipe -- Vegan, Easy, and Delicious | Penniless Parenting
- 5 Basic Maintenance Tips for Your Air Conditioning Unit | Penniless Parenting
- Intel’s Optane: Two Confusing Modes. Part 4) Comparing the Modes | The SSD Guy
- 2 Medical Practices Among Latest Ransomware Attack Victims
- The World is Collapsing into Two Countries—Green and Red | Daniel Miessler
- Today’s Top Public Cloud Security Threats …And How to Thwart Them
- NIST releases guidelines for building trustworthy, secure software
- EFF reveals top priorities for consumer data privacy laws
- Medical debt collector files for bankruptcy after data breach
- Healthcare Exchange Standards: ACME is not appropriate for Heathcare use
- Beginner’s Guide to Nexpose
- Machine Learning Doesn't Introduce Unfairness—It Reveals It | Daniel Miessler
- The Growing Threat of Botnets & Cryptominers | CyberWatch
- I provide some details on which CVEs, which exploits, and which tactics are being used by attackers; which ports should be monitored and are used by miners; how Linux, Docker and Mac are now targets; and articles and sources on recent attacks. Some attacks I use to illustrate are:
Kingminer: bruteforce entry on servers running MS IIS/SQL, disabling
configuration file with API for evasion
PSMiner: backdoor Trojan cryptominer targeting Linux and MacOS via
CVE-2018-20062
Docker Rigs: Cryptojacking campaigns on vulnerable docker rigs
leveraging CVE-2019-5736 to overwrite the runc binary and create a
container escape to write arbitrary code
Smominru: Massive cryptomining rig leveraging EternalBlue and WMI
WireX: Botnet of Android devices infected through Google Playstore
apps to connect them to a headless Web browser and encrypt malicious
traffic using SSL
CVEs/Vulnerabilities used for RCE:
CVE-2012-0874: JBoss Enterprise Application Platform Multiple Security
Bypass Vulnerabilities.
CVE-2010-1871: JBoss Seam Framework
JBoss AS 3/4/5/6: CVE-2017-10271: Oracle WebLogic wls-wsat Component
Deserialization RCE
CVE-2018-2894: Vulnerability in the Oracle WebLogic Server component
of Oracle Fusion Middleware.
Hadoop YARN ResourceManager – Command Execution
CVE-2016-3088: Apache ActiveMQ Fileserver File Upload
- Windows 10: Diagnose tool SetupDiag | Born's Tech and Windows World
- Parents' lack of cybersecurity knowledge holds back children's career choices
- Kali Linux sets out its roadmap for 2019/20
- What Is the Digital Divide, and Which Side Are You On?
- Book recommendations–present, future and past | Seth's Blog
- A tale of two cities: Why ransomware will just get worse | Ars Technica
- Naples Rolls Out A Fine-Tuned Dough, And The New 'Cloud Pizza' Is Born : The Salt : NPR
- Apple's Scary Buying Power And The Woman Who Named It : Planet Money : NPR
- monopsony - the power a firm had when it was the single buyer of something.
- Nines are not enough: meaningful metrics for clouds – the morning paper
- What bugs cause cloud production incidents? – the morning paper
- 13 Websites to Find People on the Internet
- 6 Slideshow Design Mistakes You Should Avoid in Your Next Presentation
- Never use Comic Sans.
Avoid cursive script.
Never use an image without permission.
Never enlarge pixel based images.
Don’t place your text in random order.
Don’t ignore the importance of a theme.
- Before Computers: Notched Card Databases | Hackaday
- Finally, An Open Source Multimeter | Hackaday
- . The
- Your Security Audit Roadmap - Linux Academy Blog
- The 9 Best Soldering Irons for Beginners
- 5 Ways to Safely Test Your Antivirus Software
- Open Source Could Be a Casualty of the Trade War « bunnie's blog
- Mentoring new system administrators | Enable SysAdmin
- Raspberry Pi pHAT detects indoor pollution, and optionally, outdoors too
- What is Fragmentation?
- Cyber-attacks on hospitals most likely come from China, SRI says – The Romania Journal
- Certificate Chain Incomplete | PeteNetLive
- Understanding Public Key Infrastructure and X.509 Certificates | Linux Journal
- Security-Focused HTTP Headers to Protect Against Vulnerabilities
- Cranky Old Network Engineer Complains About The Youth Of Today - MovingPackets.net
- Install CHR On Proxmox | Greg Sowell Consulting
- Data breach at Desjardins (Canadian credit union) | Born's Tech and Windows World
- US cyberattack reportedly knocked out Iran missile control systems
- Microsoft releases out-of-band fixes for Win7 and Win8.1 on 6/20 @ AskWoody
- A rogue Raspberry Pi helped hackers access NASA JPL systems
- A Method for Establishing Liability for Data Breaches - Lawfare
- Thank you VMware, for two and a half awesome years as an HCI Systems Engineer! | TinkerTry IT @ Home
- The Budapest Convention Offers an Opportunity for Modernizing Crimes in Cyberspace - Lawfare
- Windows Terminal preview now available to download
- How will you backup and recover Windows 2008/R2 after January 2020? | Data Protection: Avamar, NetWorker, Data Domain, RecoverPoint, Power Protect, CSM
- Dump TNSNAMES.ORA from ActiveDirectory – Laurent Schneider
- Why the US Government Just Made Its Own Font, Open Sans
- Daniel Stori's 'Oracle Download Page' - Security Boulevard
- Application Security Best Practices - Security Boulevard
- How the “Diamond Model” Can Help SOC Analysts Boost Incident Response - Siemplify
- The good, the bad and the unexpected: what GDPR has taught us in the last year - Security Boulevard
- 3 Ways Norsk Hydro Kept its Reputation During LockerGoga Cyberattack - Security Boulevard
- Health Care Digitalization Brings New Security Challenges - Security Boulevard
- GPOs for Windows, macOS, and Linux | JumpCloud
- Your threat model is wrong - Security Boulevard
- Docker Container Monitoring: Protect Your Investment - Security Boulevard
- Journey to OSCP - 10 Things You Need to Know
- During the less restricted labs, it is good practice to redo a system again “manually” after you were able to use it using a more automated method that isn’t allowed in the actual exam
- CJIS Requirements: What Businesses Need to Know
- Information security career resume tips
- Unpatched Vulnerabilities Caused Breaches in 27% of Orgs, Finds Study - Security Boulevard
- Four Essential Cloud Security Concepts - Security Boulevard
- Cyber Security Roundup for May 2019 - Security Boulevard
- U.S. Businesses Lost $654 Billion from Cyberattacks in 2018 - Security Boulevard
- $654 Billion
- Ransomware succeeds because targets don’t learn from history - Security Boulevard
- Mimikatz and Windows RDP: An Attack Case Study - Security Boulevard
- National Cyber Security Strategy 2016 to 2021: progress so far - GOV.UK
- UK Security BSides, Mark Your Calendar & Don't Miss Out - Security Boulevard
- How nCipher Security Recommends Hospitals Can Stay Resilient to Cyber-Threats - Security Boulevard
- Automated Office Updates v1.0 – Stick To The Script
- The essentials of vendor risk management - SecureLink
- Seccubus - Easy Automated Vulnerability Scanning, Reporting And Analysis
- Target Stores Back Online After Crippling Cash Register Computer Failure : NPR
- How to Install uTorrent in Ubuntu 18.04 and Ubuntu 19.04 - LinuxBabe
- Chris's Wiki :: blog/programming/IntelCPUIDNotes
- shellcheck and You Should Too
- Topic: Word Mailmerge Tips & Tricks @ AskWoody
- Tip: PowerShell workarounds for June bug in Windows Event Viewer | Born's Tech and Windows World
- The Cost of Cybercrime - Schneier on Security
- InfoSec Handlers Diary Blog - Using AD to find hosts that aren't in AD - fun with the [IPAddress] construct!
- InfoSec Handlers Diary Blog - Odd DNS Requests that are Normal
- InfoSec Handlers Diary Blog - Keep an Eye on Your WMI Logs
- WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName
- Excellent Analysis of the Boeing 737 Max Software Problems - Schneier on Security
- Defending Democracies Against Information Attacks - Schneier on Security
- Cybersecurity for the Public Interest - Schneier on Security
- Protecting Yourself from Identity Theft - Schneier on Security
- What the AMCA Data Breach Teaches Us About Modern Supply Chain Security - Security Boulevard
- Radiohead Releases Music Online Instead of Giving in to Blackmailer Demands - Security Boulevard
- 84% of US employees have never heard of GDPR - TechRepublic
- How to Patch BlueKeep and Get to Know Your Company's Critical Assets
- Magdoff2.qxd - ReserveArmy.pdf
- What’s the best approach to patching vulnerabilities? – Naked Security
- Backpacker claims to find a network of hidden webcams in farm stay – Naked Security
- Crazy: Windows 10 Enterprise LTSC 2019 offered a feature update to 1903 | Born's Tech and Windows World
- Hackback Is Back: Assessing the Active Cyber Defense Certainty Act - Lawfare
- Vulnerable Software – The Gift that Keeps on Giving - Security Boulevard
- Building Modern Security Awareness with Experiences
- Updating the VMware vCenter License Key using PowerCLI - thecloudxpert
- 5 Secure Coding Practices You Actually Need: Principles for Secure Code Every Time - Security Boulevard
- Telegram App DDoS from China Hinders #612strike Protest - Security Boulevard
- 9 PCI Myths That Can Cost CIOs - Security Boulevard
- Mitigating BlueKeep with PowerShell – Mike F Robbins
- PrivacyCulture_GDPR_Maturity_Framework.pdf
- The Biggest Data Breach Archive on the Internet Is for Sale - VICE
- Sensory Overload: Filtering Out Cybersecurity's Noise
- The Military Wants AI to Manage America's Airwaves - VICE
- EPIC - EPIC's Rotenberg Speaks with Mueller Book Club
- What kids get up to online | Securelist
- A predatory tale: Who’s afraid of the thief? | Securelist
- Spam and phishing in 2018 | Securelist
- Active Dataguard : read only with apply – Laurent Schneider
- Bugs in a popular hospital pump may let attackers alter drug dosages
- The Best Encrypted Email Services You Need to Use in 2019
- Threat Landscape for Industrial Automation Systems in H2 2018 | Securelist
- Beware of stalkerware | Securelist
- BadCert: Symcrypt vulnerability puts Windows Server at risk | Born's Tech and Windows World
- Why You Need a Crisis Communications Plan | Pivot Point Security
- Tenable Roundup for Microsoft's June 2019 Patch Tuesday
- Tenable Roundup for Microsoft's June 2019 Patch Tuesday
- IoT Cybersecurity Improvement Act: An Important Step Forward - Blog | Tenable®
- Software Vulnerability Management with Device42 and VulnDB
- New VulnDB Integration for ServiceNow Enables Better Vulnerability Response
- Adapting Agile for Internal Security Operations
- NBlog - the NoticeBored blog: NBlog June 12 - lack of control is not a vulnerability
- Corrupt MP4 Files? Fix Them for Free With This Great Trick
- 2018 Year in Review
- Zero Day Initiative — The June 2019 Security Update Review
- Healthcare Security Summit Offers Insights From CISOs
- Google Researcher Details Windows Cryptographic Library Bug
- Microsoft Patch Tuesday, June 2019 Edition — Krebs on Security
- RapidScan - The Multi-Tool Web Vulnerability Scanner
- Yaazhini - Free Android APK & API Vulnerability Scanner
- Unsecured Database Leaves 8.4 TB of Email Metadata Exposed
- CIA, Cyber Risk and Patient Safety ~ Cyber Thoughts
- SAP Security Notes June 2019 | Onapsis
- Cyberattack Hits Aircraft Parts Manufacturer
- Healthcare Exchange Standards: Patient Engagement - Access Log
- Healthcare Exchange Standards: XDS sha-1 is still okay
- Entering the Third Decade of Cyber Threats: Toward Greater Clarity in Cyberspace - Lawfare
- How to Structure a Cover Letter and Resume When Sending via Email
- An Amazing Job Interview | Don Jones®
- Privacy Is Now a Luxury Good: Here's Why That's Bad for All of Us
- Perovskites: Not Just For Solar Cells Anymore | Hackaday
- Chris's Wiki :: blog/sysadmin/IntelMDSKillsOldServers
- Trouble-shooting | Oracle Scratchpad
- Yubico recalls government-grade security keys due to bug
- Ansible: configuration management for everything – Marksei
- Smarten Up Your Air Conditioning With The ESP8266 | Hackaday
- Botanium: Urban Gardening For All
- The 15 Most Popular Plex Podcasts in 2019
- SSL Handshake Failures | Baeldung
- Free up over 17GB of storage space by cleaning up after the Windows 10 May 2019 Update
- The bits and bytes of PKI | Opensource.com
- U.S. GAO - Information Technology: Agencies Need to Develop Modernization Plans for Critical Legacy Systems
- Dealing with Scale and Security: How MasterCard is Mastering the Game - Big Data Beard
- A Field Guide To Transmission Lines | Hackaday
- How to Design a Lithium Battery Pack (Part 2 of 2)
- How To Build Your Own Lithium Battery (Part 1 of 2)
- A computer virus has thrown Philadelphia’s court system into chaos - The Verge
- World domination with cgroups in RHEL 8: welcome cgroups v2!
- Why Smart Cards Are Smart | Linux Journal
- When the 'smart home' is actually a hospital room
- Digital Transformation Suffers from Poor Alignment Between IT and Execs | APMdigest - Application Performance Management
- vCenter 'Root' Account Expired | PeteNetLive
- Darran's WildFly Blog: Security Feature Development for WildFly 17
- Cyber Gaslighting: PsyOps in the Home - Lawfare
- Free Websites Reveal Your Address History and Names of Relatives (How to Opt Out) — My Money Blog
- Technology : You have to keep working just to stand still! | The ORACLE-BASE Blog
- Switch Buffer Sizes and Fermi Estimates « ipSpace.net blog
- Kubernetes Storage on vSphere 101 – StatefulSet - CormacHogan.com
- World-class data science server to amplify Clemson’s supercomputer | Clemson University News and Stories, South Carolina
- Patchday: Updates for Windows 7/8.1/Server (June 11, 2019) | Born's Tech and Windows World
- June 2019 Patch Tuesday is rolling out @ AskWoody
- How Ransomware Evolved | KC's Blog
- 'The Moscow Rules' By Tony And Jonna Mendez: How The CIA Evaded KGB Security : NPR
- Microsoft Extends its Lead Over Amazon and Apple as the Most Successful U.S. Company | Alexander's Blog
- GPS And ADS-B Problems Cause Cancelled Flights | Hackaday
- Takata’s Deadly Airbags: An Engineering Omnishambles | Hackaday
- Lessons From Global Cybersecurity Breaches For Your Next M&A
- Top 10 ways to strengthen your personal online security – Jason Pearce
- I switched to Duplicati for Windows Backups and Restic for Linux Servers | b3n.org
- Kubernetes at 5: Joe Beda, Brendan Burns, and Craig McLuckie on its past, future, and the true value of open source – GeekWire
- Data in a Flash, Part III: NVMe over Fabrics Using TCP | Linux Journal
- Tokyo in the 1970s, Revisited by Photographer Greg Girard | Spoon & Tamago
- To Do List Grid For When You Have a Lot of To Dos | DennisKennedy.Blog
- Jeff Bezos Is a Post-Earth Capitalist - VICE
- Scientists Discover Atomic-Forged Glass on Hiroshima's Beaches - VICE
- Hiroshimaites
- Adobe Tells Users They Can Get Sued for Using Old Versions of Photoshop - VICE
- NBlog - the NoticeBored blog: NBlog April - spotting incidents
- NBlog - the NoticeBored blog: NBlog April 11 - the KISS approach to ISO27k
- NBlog - the NoticeBored blog: NBlog May 20 - the value of visuals
- NBlog - the NoticeBored blog: NBlog June - physical information security
- Hacking History
- Twitch Flooded with Streams of 'Game of Thrones', Porn, and the Christchurch Attack Video - VICE
- It’s Almost Impossible to Tell if Your iPhone Has Been Hacked - VICE
- The Top 17 Free and Open Source Backup Solutions
- Mark Zuckerberg Will Be Served a Summons If He Sets Foot In Canada - VICE
- The Google Outage Highlights the Perils of a Centralized Internet - VICE
- The US Ban on Huawei Is Causing a Global Mess - VICE
- Hackers Breach Company That Makes License Plate Readers for U.S. Government - VICE
- The Importance of Cybersecurity Training | United States Cybersecurity Magazine
- Sadly, many employees don’t even realize how important cybersecurity training really is for the organization they work for. And even worse, according to a survey of over 4,500 employees, 22% of employees don’t feel like they should be obligated to keep their employer’s information safe.
- The PC of Your Dreams Might be Hiding in a Company’s Surplus Bin - VICE
- Solving the TLS 1.0 problem - Microsoft Security
- Announcing the all new Attack Surface Analyzer 2.0
- Introducing the security configuration framework: A prioritized guide to hardening Windows 10 - Microsoft Security
- Discover and manage shadow IT with Microsoft 365
- UK launches cyberstrategy with long-term relevance
- Specifically, the cybersecurity document does an excellent job in the following areas:
Insider threats—This type of threat is highlighted throughout the document; something that is not always emphasized sufficiently. For example, “Insider threats remain a cyber risk to organizations in the UK. Malicious insiders, who are trusted employees of an organization and have access to critical systems and data, pose the greatest threat.” We continue to hear about this problem from customers in nearly all industries and in all countries. This bold and clear statement makes it clear that this problem is front and center for the UK strategy, as it should be.
Public incidents—It’s refreshing to see major incidents that impact companies and organizations in the UK highlighted rather than hidden from public view. The document includes several incidents, such as the 2015 TalkTalk breach, and the 2016 attack on the Society for Worldwide Interbank Financial Telecommunication (SWIFT) payment system in Bangladesh, the Philippines, and the Ukrainian power grid incident. While these incidents did not all occur on UK soil or directly to UK organizations, their impact was still felt in the UK.
Diversity and inclusion—The UK is committed to increasing diversity while also addressing its cybersecurity skills shortage. The document states emphatically that “we will address the gender imbalance in cyber-focused professions, and reach people from more diverse backgrounds to make sure we are drawing from the widest available talent pool.” The need is so critical that cybersecurity has become known as a wonderful field for younger professionals to embark on a new career, even if it is not something that is well-known.
Public-private collaboration—Cybersecurity is a “team sport” and working together across private and public sectors is essential. Openly admitting this and accepting government responsibility is a key tenet of this strategy, described as, “Government has a clear leadership role, but we will also foster a wider commercial ecosystem, recognizing where industry can innovate faster than us.” The document also states, “We will set out more clearly the respective roles of government and industry, including how these might evolve over time.”
As we look at other areas that the strategy may wish to consider expanding into or elaborating upon in the coming years, three specific areas come to mind:
Links to money laundering and terrorist financing—While the initial 2016 version did not mention how the flow of money impacts and funds cybercrime, the NSCR March 2018 update did, with three specific references to money laundering and terrorist financing, explaining, “We will take a whole-of-government approach including with the Devolved Administrations to tackle serious and organized crime and publish an updated Serious and Organized Crime Strategy in 2018.” It also stated, “We remain a leading player in developing and applying economic sanctions [… and will] … continue using sanctions smartly to deliver national security outcomes after we have left the EU.”
Returning military veterans—Whether it be from armed conflicts or peace-keeping missions or other such activities, one way the UK could shrink the gap in cybersecurity skills would be to help military veterans transition into this field. The strategy states, “This skills gap represents a national vulnerability that must be resolved.” To that end, there are multiple paths that other countries have pursued that could be applied here.
Cloud computing—The terms “cloud” and “cloud computing” are not mentioned in the original 2016 strategy document or in the NSCR March 2018 update. Cloud-based security offerings are a mainstay of any cybersecurity strategy and bring with them enormous benefits, speed, operational efficiencies, and more.
- Uncovering Linux based cyberattack using Azure Security Center
- Secure your journey to the cloud with free DMARC monitoring for Office 365
- Security deployment - Microsoft Security
- Lessons learned from the Microsoft SOC Part 2b: Career paths and readiness
- Lessons learned from the Microsoft SOC—Part 2a: Organizing people
- Lessons learned from the Microsoft SOC—Part 1: Organization - Microsoft Security
- Commando VM - The First of Its Kind Windows Offensive Distribution
- Wireshark Cheatsheet
- CPU percent | Oracle Scratchpad
- Metasploit Cheat Sheet
- Imago Forensics - Imago Is A Python Tool That Extract Digital Evidences From Images
- Faraday v3.6 - Collaborative Penetration Test and Vulnerability Management Platform
- Legion - An Easy-To-Use, Super-Extensible And Semi-Automated Network Penetration Testing Tool That Aids In Discovery, Reconnaissance And Exploitation Of Information Systems
- Vuls - Vulnerability Scanner For Linux/FreeBSD, Agentless, Written In Go
- Reverse Shell Cheat Sheet
- Acunetix Web Application Vulnerability Report 2019
- CarbonCopy - A Tool Which Creates A Spoofed Certificate Of Any Online Website And Signs An Executable For AV Evasion
- DOGE - Darknet Osint Graph Explorer
- Armory - A Tool Meant To Take In A Lot Of External And Discovery Data From A Lot Of Tools, Add It To A Database And Correlate All Of Related Information
- Freevulnsearch - Free And Open NMAP NSE Script To Query Vulnerabilities Via The cve-search.org API
- mXtract - Memory Extractor & Analyzer
- FIR - Fast Incident Response
- H2T - Scans A Website And Suggests Security Headers To Apply
- LEDs for use with solderless breadboard – Skippy's Random Ramblings
- 507 Mechanical Movements
- Gareth's Tips, Tools, and Shop Tales | Revue
- Gareth's Tips, Tools, and Shop Tales
- How To Check if My Email is Encrypted during Transition | KC's Blog
- Secure Email
- DumpTheGit - Searches Through Public Repositories To Find Sensitive Information Uploaded To The Github Repositories
- AutoSource - Automated Source Code Review Framework Integrated With SonarQube
- Joy - A Package For Capturing And Analyzing Network Flow Data And Intraflow Data, For Network Research, Forensics, And Security Monitoring
- BruteDum - Brute Force Attacks SSH, FTP, Telnet, PostgreSQL, RDP, VNC With Hydra, Medusa And Ncrack
- Pacbot - Platform For Continuous Compliance Monitoring, Compliance Reporting And Security Automation For The Cloud
- WAFW00F v1.0.0 - Detect All The Web Application Firewall!
- Machinae v1.4.8 - Security Intelligence Collector
- Machinae
- Trigmap - A Wrapper For Nmap To Automate The Pentest
- Adidnsdump - Active Directory Integrated DNS Dumping By Any Authenticated User
- Vulmap - Online Local Vulnerability Scanners Project
- Beagle - An Incident Response And Digital Forensics Tool Which Transforms Security Logs And Data Into Graphs
- Free Cynet Threat Assessment for Mid-sized and Large Organizations
- DefectDojo v1.5.4 - Application Vulnerability Correlation And Security Orchestration Application
- Ttyd - Share Your Terminal Over The Web
- Miteru - An Experimental Phishing Kit Detection Tool
- Acunetix Vulnerability Scanner Now With Network Security Scans
- Brutemap - Tool That Automates Testing Accounts To The Site's Login Page
- Cybersecurity and the Mueller Report - Lawfare
- Transnational Organized Crime and National Security - Lawfare
- Persistent Engagement, Agreed Competition and Deterrence in Cyberspace - Lawfare
- Progress in Cybersecurity: Toward a System of Measurement - Lawfare
- A Manifesto: Using Empirical Research in Journalism and Scholarship to Understand Big Tech - Lawfare
- Crossing a Cyber Rubicon? Overreactions to the IDF’s Strike on the Hamas Cyber Facility - Lawfare
- Digital Will, Part I: Requirements | Linux Journal
- What’s the Point of Charging Foreign State-Linked Hackers? - Lawfare
- OpenProject - online project management software - free and open source
- 5 Tips for Prioritizing Vulnerabilities Based on Risk - Blog | Tenable®
- Why Global Collaboration Is Key to Effective Cyber Defense - Blog | Tenable®
- Cybersecurity Pros Face Significant Challenges with OT Security: Ponemon Report - Blog | Tenable®
- VMware Releases Security Updates for Tools and Workstation | US-CERT
- cyber.dhs.gov - Binding Operational Directive 19-02
- Stop the Presses: Media Coverage as a Prioritization Metric for Vulnerability Management - Blog | Tenable®
- Oracle WebLogic Affected by Unauthenticated Remote Code Execution Vulnerability (CVE-2019-2725) - Blog | Tenable®
- Oracle Critical Patch Update For April Contains 297 Fixes - Blog | Tenable®
- IT/OT Cybersecurity Convergence: Start Strong with These Six Controls - Blog | Tenable®
- Nessus Essentials | Tenable®
- PcapXray v2.5 - A Network Forensics Tool To Visualize A Packet Capture Offline As A Network Diagram
- Vthunting - A Tiny Script Used To Generate Report About VirusTotal Hunting And Send It By Email, Slack Or Telegram
- Recipes and Meals | Quality Products Low Prices | Lidl US
- Why Your Business Continuity Plan Must Cover Cyber Incident Response | Pivot Point Security
- Shared Assessments - They’re Not Just Vendor Risk Management
- Open Source Software Legal Issues | FOSS Risks | Pivot Point Security
- Avoid These Easily Guessable Passwords | Pivot Point Security
- Password Strength Explained | Password Length vs. Complexity | Pivot Point Security
- Password Tips 6-8: Reuse, Emails, and Default Passwords | Pivot Point Security
- Password Tips #5-3: Secure Resets, 2FA, and Password Storage | Pivot Point Security
- Password Sharing Security Tips | Pivot Point Security
- Why Ignoring CCPA is Bad Business (As Opposed to ignoring GDPR) | Pivot Point Security
- Don’t Pay the Price for an Unsecured Managed Services Vendor | Pivot Point Security
- 5 Success Factors: Law Firm Data Security & Privacy Initiatives (Part 3) | Pivot Point Security
- 5 Success Factors: Information Security for Law Firms (Part 2) | Pivot Point Security
- 5 Critical Success Factors: Cyber Security for Law Firms | Pivot Point Security
- OBGYN Information Security | How InfoSec Has Changed My Annual OB/GYN Visit | Pivot Point Security
- CREST vs. SANS | Pivot Point Security
- 5 Top Information Security Accreditations for SaaS Providers | Pivot Point Security
- Address CCPA before September 2019... or Pay the Price | Pivot Point Security
- Infosecurity.US - Web Log - GPS, The Rollover
- Infosecurity.US - Web Log - President Theodore Roosevelt's 'Citizenship in a Republic' Oratorical Masterpiece, The 109th Anniversary
- Oracle Downloads Page
- Infosecurity.US - Web Log - Google Utilizing Consumer Gmail Accounts to Track Purchases, Financial Transactions
- Key takeaways from the 2019 Verizon Data Breach Investigations Report - IT Governance Blog
- Medical data is 18 times more likely to be compromised when an internal actor is involved, and the most likely threat actor is a medical professional such as a doctor or nurse.
- What is an ISMS and 9 reasons why you should implement one - IT Governance Blog
- 1. A centrally managed framework for keeping an organisation’s information safe.
2. A set of policies, procedures, technical and physical controls to protect the confidentiality, availability and integrity of information.
3. Either applied to the entire organisation or only a specific area where the information it seeks to protect is segmented (the scope).
4. Includes not only technical controls but also controls to treat additional, more common risks related to people, resources, assets and processes.
5. Based on a risk assessment across the organisation that considers internal and external risks. This means all risks are assessed, analysed and evaluated against a set of predetermined criteria before risk treatments (controls) are applied. Controls are applied based on the likelihood and potential impact of the risks.
6. A framework that helps you make appropriate decisions about the risks that are specific to your business environment.
7. Dependent on support and involvement from the entire business – not just the IT department – from the cleaner right up to the CEO.
8. Not an IT function but a business management process.
9. An ISMS can be certified to the international best-practice information security standard ISO 27001. Achieving accredited certification to the Standard demonstrates to your clients, customers, regulators and stakeholders that your organisation is following information security best practice and your data is sufficiently protected.
- Organisations struggling to meet GDPR requirements, with poor planning and lack of awareness to blame - IT Governance Blog
- 79% of organisations are failing to meet the GDPR’s requirements;
25% don’t consider themselves knowledgeable about the Regulation;
Half of organisations have been subject to enforcement action related to data protection violations; and
70% are less open when engaging with customers about data privacy.
- What is information classification and how is it relevant to ISO 27001? - IT Governance Blog
- List of data breaches and cyber attacks in February 2019 - 692,853,046 records leaked - IT Governance Blog
- A guide to the PCI DSS’s vulnerability scanning and penetration testing requirements - IT Governance Blog
- Average cost of cyber crime is now $13 million - IT Governance Blog
- 2.3 billion data breaches, compared to 826 million in 2017
average cost of cyber crime grew by more than $1 million in 2018 to $13 million (about £9.9 million) per organisation.
85% of organisations experienced phishing and social engineering attacks and 76% suffered web-based attacks.$2.6 million (about £1.9 million) and $2.3 million (about £1.75 million) respectively
- Requirements for achieving ISO 27001 certification - IT Governance Blog
- ISO 27001: The 14 control sets of Annex A explained - IT Governance Blog
- DPIAs for retail and hospitality - IT Governance Blog
- List of data breaches and cyber attack in March 2019 – 2.1 billion records leaked - IT Governance Blog
- The 8 CISSP domains explained - IT Governance Blog
- Law firms report increase in staff-related security incidents - IT Governance Blog
- Do your employees care about cyber security? - IT Governance Blog
- just 26% have introduced cyber security training for their employees. 15% stated that they “haven’t got around to it yet” while 5% think additional training should be offered but confessed that “they didn’t know where to start”.
17% of small UK businesses have suffered at least one cyber attack in the past year.
19% have been targeted between 6 and 10 times in the past year.
51% of organisations with 50–99 employees suspect that a breach has been kept a secret from them.
53% agreed that it seemed logical for cyber security awareness training to be near the top of the business agenda.
- “An act of war”: Zurich American refuses to pay out on cyber insurance policy following NotPetya attack - IT Governance Blog
- Toyota suffers second data breach in five weeks - IT Governance Blog
- The ultimate guide to ITIL incident management - IT Governance Blog
- List of data breaches and cyber attacks in April 2019 – 1.34 billion records leaked - IT Governance Blog
- UK businesses are reporting fewer data breaches, but is this as positive as it sounds? - IT Governance Blog
- This is a marked improvement on the previous two years, in which 43% (2018) and 46% (2017) of businesses were breached, but it doesn’t tell the full story of the UK’s threat landscape. Although the number of organisations being targeted seems to be decreasing, those that are vulnerable to attacks are experiencing them more often, with two in five organisations saying that they come under threat at least once a month.
More businesses (57% vs 51% in 2018) and charities (43% vs 27%) update senior management on their cyber security actions at least once a quarter;
Cyber security policies are becoming more common in businesses (33% vs 27%) and charities (36% vs 21%);
Businesses (56% vs 51%) and charities (41% vs 29%) are more likely to have implemented controls in all five technical areas of the government’s Cyber Essentials scheme;
Staff awareness training is becoming more common in businesses (27% vs 20%) and charities (29% vs 15%);
Charities are getting better (60% vs 46%) at implementing measures such as health checks, audits and risk assessments; and
More medium-sized (31% vs 19%) and large businesses (35% vs 24%) have invested in cyber insurance.
- Different types of cyber attacks - IT Governance Blog
- Recsech - Tool For Doing Footprinting And Reconnaissance On The Target Web
- Recsech
- Cyber News Rundown: Medical Testing Service Data Breach | Webroot
- The State of VPN Security Today - Security Art Work
- The Pains Of Vulnerability Coordination – And What To Learn From It
- LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach — Krebs on Security
- On the Horizon: Parasitic Malware Will Feast on Critical Infrastructure
- Oracle Database 19c (19.3.0) for Windows and zLinux is available
- Baltimore Ransomware Attack Costing City $18 Million
- City Finance Director Henry Raymond estimates, Baltimore has spent about $10 million in recovery and forensic expenses, and the city is expected to lose about $8 million in revenue.
- Maine governor signs bill banning internet providers from selling consumer data without consent | TheHill
- Hospital to Pay $250,000 After Alleged False HITECH Claims
- Vendor Security Risk Management: A Growing Concern
- Healthcare Exchange Standards: IHE Audit Log Specifications
- Survey Says: Cost and Security are Top Hybrid Cloud Concerns | CIO
- BrandPost: HPE Greenlake Improves Control Over Compliance, Security - Jellyfish Security
- Automating SOX Controls Testing | Onapsis
- Tap Into Your Valuable DNS Data - Black Hills Information Security
- Check-LocalAdminHash & Exfiltrating All PowerShell History - Black Hills Information Security
- Check-LocalAdminHash
- Data protection authority reports itself to itself after data breach
- Data protection authority reports itself to itself after data breach
- Life on Contract: Product Development Lessons Big and Small | Hackaday
- [New Research] 2019 Cloud Security Report Reveals Top Challenges
-
The top cloud security concern of cyber security professionals is data loss and leakage (64 percent).
Unauthorized access through misuse of employee credentials and improper access controls (42 percent) takes the number one spot in this year’s survey as the single biggest perceived vulnerability to cloud security, tied with insecure interfaces and APIs (42 percent). This is followed by cloud misconfigurations (40 percent).
Most respondents (54 percent) say cloud environments are at higher risk of security breaches than traditional on-premises environments – a 5 percent increase from last year.
- Lessons from the Baltimore Cyber Attack—Are You Doing Enough to Protect Your Business? - Delta Risk
- Philips and HPE: Healthcare Innovation From the Edge to the Cloud | CSO Online
- The Intellectual Dark Web (IDW) and Dark Forest Theory | Daniel Miessler
- The Holy Trinity of Air Travel Convenience | Daniel Miessler
- The ABCs of Microsoft Office 365's Data Loss Prevention (DLP)
- Baltimore ransomware attack will cost the city over $18 million
- vSphere ESX: Replace / Update the VMware Tools ISO | PeteNetLive
- Are Bluekeep patches causing BSODs with Server 2008 SP2 and Vista? @ AskWoody
- Why ODA reimaging doesn't work on the first try? - Blog dbi services
- Home on the Palo Alto Networks Cyber Range | The Networking Nerd
- Java mon amour: SSL renegotiation and resumption
- Under The Stairs: First Steps with With PowerShell 7
- Establishing an Internet Performance Benchmark | APMdigest - Application Performance Management
- Official Warren Buffett / Berkshire Hathaway Book Reading List 2019 — My Money Blog
- Find why an account is getting locked out and where | Mohammed Wasay
- Common Data Model | James Serra's Blog
- Metasploit for Windows BlueKeep vulnerability | Born's Tech and Windows World
- My session slides from DNUG46 | eknori.de
- New VMware Security Advisory VMSA-2019-0009 - VMware Security & Compliance Blog - VMware Blogs
- What kind of server channel are your running on: SAC or LTS? | >_
- Cyber Command’s Strategy Risks Friction With Allies - Lawfare
- UEFI 2.8 Specification Released With REST & Memory Cryptography - Phoronix
- Defense Department General Counsel Remarks at IDF Conference - Lawfare
- 10 Most Secure Linux Distros For Advanced Privacy & Security
- The GCHQ’s Vulnerabilities Equities Process - Lawfare
- The dangerous folly of “Software as a Service” | Armed and Dangerous
- Control, Freedom and Harm – Purism
- Ubuntu 19.10's ZFS TODO List Goes Public - A Lot To Of Work Left - Phoronix
- Azure Architect Study Guide – Service Endpoints
- Learn about AWS Services & Solutions – June AWS Online Tech Talks | AWS News Blog
- So long … | Oracle Scratchpad
- Examples of Machine Learning with Facial Recognition « Oralytics
- Homemade Turkish Salad Recipe -- Frugal, Paleo, Vegan, and Delicious | Penniless Parenting
- The seven deadly sins of personal finance
- DeployHappiness | PencilTramp – The Adventures of Passphrase Generation
- Continuous integration of machine learning models with ease.ml/ci – the morning paper
- Azure NetApp Files goes GA | Architecting IT
- Power over Ethernet: Things You Should Know About it
- Saving, Updating Text Files with PowerShell | KC's Blog
- Oracle Critical Patch Update - April 2019
- Deploy Sonarqube to Azure App Service Linux Containers using an Azure DevOps Pipeline – PowerShell, Programming and DevOps
- Video : Multitenant : Proxy PDB in Oracle Database 12.2 Onward | The ORACLE-BASE Blog
- Exposed database revealed security details for large hotel chains
- Wazuh
- Top 550+ Funny Passwords Ever Encountered
- Ransomware Attack on Vendor Affects 600,000 - HealthcareInfoSecurity
- Groups Ask FDA to Rethink Some Medical Device Cyber Proposals
- An Inside Look at a Level 4 Threat Hunting Program
- Georgia County Pays $400,000 to Ransomware Attackers
- EU Seeks Better Coordination to Battle Next Big Cyberattack
- The Future of Cybersecurity Education - Part 2
- The Future of Cybersecurity Education - Part 1
- Oregon Agency Reports Phishing Attack Affecting 350,000
- The Dark Side of Cybersecurity: Burnout - HealthcareInfoSecurity
- The Dangers of Unsecured Medical Devices - HealthcareInfoSecurity
- Analyzing the $7.5 Million UCLA Health Data Breach Settlement
- A proposed $7.5 million settlement of a class action lawsuit filed against ULCA Health in the wake of a 2015 cyberattack that affected 4.5 million individuals stands apart from most other breach-related settlements because it requires the organization to spend a substantial sum on improving its security, Under terms of the settlement, UCLA Health has agreed to spend at least $5.5 million beyond its current budget to expedite and implement cybersecurity enhancements to its computer network.
- Data Breaches in Healthcare Affect More Than Patient Data
- Meanwhile, Columbia, S.C.-based integrated healthcare delivery system Palmetto Health says it believes a recent phishing attack was aimed at trying to gain access to employee payroll information. Palmetto is undergoing a name change to Prisma Health as it completes a merger this year with Greenville Health System.
- Ransomware Attack Costs Norsk Hydro $40 Million - So Far
- What Led to a $4.7 Million Breach Lawsuit Settlement?
- $4.7 million to settle a lawsuit stemming from the theft of a portable hard disk drive from a self-storage unit. The drive contained information on about 1.2 million individuals - much of it unencrypted - that was gathered for an education research project
- Alerts: Vulnerability in Philips Records System
- Audit: HHS Info Security Program ‘Not Effective’
- The OIG report notes that auditors found weaknesses in five key cybersecurity framework areas, including:
Risk management;
Configuration management; identity and access management; data protection and privacy; and security training;
Information security continuous monitoring;
Incident response;
Contigency planning.
- DHS: Federal Agencies Need to Patch Vulnerabilities Faster
- Directive: 'Critical' Vulnerabilities Must Be Patched Within 15 DaysBinding Operational Directive (BOD) 19-02,critical vulnerabilities needed remediation within 30 days
- Health Data Breach Tally Update: What’s Been Added?
- $3 Million HIPAA Settlement in Delayed Breach Response Case
- $3 million HIPAA settlement in a case alleging that a medical imaging services provider delayed investigating and mitigating a breach involving patient information leaking onto the internet via a web server - and delayed notification of victims as well.
- Ransomware Increasingly Hits State and Local Governments
- Equifax's Data Breach Costs Hit $1.4 Billion - HealthcareInfoSecurity
- Costs Hit $1.4 Billion
- Executive Roundtable Recap: "Confessions of a Healthcare CISO"
- Top 5 Legal Tips for Tornado Damage and Insurance - FindLaw
- Auto-reload Celery on code changes | Celery how-tos and tutorials
- The mysterious history of the MIT License | Opensource.com
- Top 20 Best Linux VoIP and Video Chat Software in 2019
- The difference between resilient and reactive organizations | Opensource.com
- 27 Excellent Free Books to Learn all about R - LinuxLinks
- Under The Stairs: PowerShell 7 Is Here - Getting Started
- Texas Linux Fest 2019 Recap · major.io
- Red Hat Breathes New Life Into Java | Enterprise | LinuxInsider
- The SmarchWatch: An open-source smartwatch that you can build yourself - NotebookCheck.net News
- Towards an Information Operations Kill Chain - Schneier on Security
- SSH Honey Keys
- DevSecOps: 7 ways to address cultural challenges | The Enterprisers Project
- Introduction to Reinforcement Learning with Python
- Top 20 Best ML Algorithms For Both Newbies and Professionals
- DOD looks to publish software blacklist -- FCW
- A Better Route Planner & Other Open Source Projects Need Our Help | CleanTechnica
- 6 Open-Source Alternatives to Proprietary Software: Self-Hosted Applications | 256 Kilobytes
- Adobe Warns Users Someone Else Might Sue Them For Using Old Versions Of Photoshop | Techdirt
- davy wybiral: Always Secure Your localhost Servers
- Portainer: Web-Based Docker GUI For Remote Or Local Use - Linux Uprising Blog
- Kubernetes security: 5 mistakes to avoid | The Enterprisers Project
- TLS 1.0 and 1.1 Removal Update - Mozilla Hacks - the Web developer blog
- Safari, Firefox, Edge and Chrome are removing support for TLS 1.0 and 1.1 in March of 2020.
- Cthulhu: New open source chaos engineering tool for Java - JAXenter
- Cthulhu
- U.S. Businesses Pay, Remit 93 Percent of All Taxes Collected in America
- 9 List of Best Free Penetration Testing tools | H2S Media
- Easy and Delicious Chewy Gluten Free Vegan Chocolate Chip Cookies Recipe | Penniless Parenting
- Juli's Gluten Free Pasta Salad | Penniless Parenting
- How to write a business continuity plan: the easy way - IT Governance Blog
- Is your organisation equipped for long-term GDPR compliance? - IT Governance Blog
- Emotet: How to stop ‘the most destructive malware’ in existence - IT Governance Blog
- A Ransomware Victim Shares His Story - HealthcareInfoSecurity
- Tips on Tackling Medical Device Cybersecurity Challenges
- Minimizing Cloud Security Risks - HealthcareInfoSecurity
- Is Healthcare Sector Better Prepared for Ransomware Attacks?
- Misconfigured IT (Again) Leads to Big Health Data Breach
- Cloud-Based EHR Vendor Slapped With HIPAA Fine
- Under GDPR, UK Data Breach Reports Quadruple - HealthcareInfoSecurity
- Audit Identifies Australian Health Sector Security Weaknesses
- What CCPA Means to Security Leaders - HealthcareInfoSecurity
- Windows Notepad hack allows shell access | Born's Tech and Windows World
- Covert Channel: The Hidden Network
- Beginner’s Guide to Nessus
- CCIE Renewed Once More - Exam 400-101 v5.1 · Lindsay Hill
- PowerCat -A PowerShell Netcat
- Google Stored Business Customers’ Passwords in Plaintext on Its Servers… For 14 Years
- Exploring different Linux RAID-10 layouts with unbalanced devices – The ongoing struggle
- AI Universal Guidelines – thepublicvoice.org
- OECD Legal Instruments
- The Evolution of Cybercrime
- A Cybersecurity Checklist for Modern SMBs | Webroot
- The Ransomware Threat isn’t Over. It’s Evolving.| Webroot
- Cyber News Rundown: Massive Data Breach at Georgia Tech | Webroot
- Moody's Outlook Downgrade of Equifax: A Wake-up ...
- Former Student Admits to USB Killer Attack
- 55% of SMBs Would Pay Up Post-Ransomware Attack
- A Cybersecurity Guide for Digital Nomads | Webroot
- 7 Types of Experiences Every Security Pro Should Have
- 8 Personality Traits for Cybersecurity
- The eight traits the company said are indicative of a successful career in cybersecurity are modesty, altruism, composure, scientific, inquisitive, skeptical, responsive, and diligent.
- New Exploits For Old Configuration Issues Heighten ...
- WannaCry Lives On in 145K Infected Devices
- The Ransomware Dilemma: What if Your Local ...
- Open Security Tests Gain Momentum With More Lab ...
- GDPR's First-Year Impact By the Numbers
- My Ansible Roles | Calvin Bui
- RIP BBM: BlackBerry Messenger Shuts Down
- Running Systems » Blog Archive » SecureBoot and VirtualBox kernel modules
- WebLogic - JAVA_HOME in WebLogic, a nightmare? - Blog dbi services
- WebLogic - Upgrade of Java - Blog dbi services
- Chris's Wiki :: blog/solaris/ZFSDnodeIdsAllocation
- Why Linux RAID-10 sometimes performs worse than RAID-1 – The ongoing struggle
- Charlie Munger 2019 Wall Street Journal Interview Transcript — My Money Blog
- The Best Time To Plant A Tree Is Now — My Money Blog
- Charlie Munger: Financially Independent at Age 38 in 1962 — My Money Blog
- Munger’s example reaffirms that if you have a relatively high income, save a high percentage of that income, AND invest that money into productive assets, your net worth will grow quite quickly.
- Callan Periodic Table of Investment Returns 2019 — My Money Blog
- zerosum0x0: Avoiding the DoS: How BlueKeep Scanners Work
- Using osquery for remote forensics | Trail of Bits Blog
- Book Review – The Hacker Playbook 3: Practical Guide To Penetration Testing (Red Team Edition) – The Personal Blog of Sean Goodwin
- Interacting with FTP/SFTP using Powershell - Syspanda
- Benefits of Threat Modeling
- List of data breaches and cyber attacks in May 2019 – 1.39 billion records leaked - IT Governance Blog
- Equifax Expects U.S., Canada Watchdogs to Press Cases Over 2017 Breach - WSJ
- Healthcare reports highest number of data breaches: Study
- ONC Information Blocking Rule Raises Privacy and Security Concerns
- IT Security Vulnerability Roundup – May 2019
- Using Secure Configurations | Standardize Your Security - Linux Academy Blog
- As ONC Considers Info Blocking, IoT, Medical Device Guidance Needed
- States Imposing New Cybersecurity Requirements on Insurers
- cipl_principles_for_a_revised_us_privacy_framework__21_march_2019_.pdf
- privacy-framework-workshop-1-pre-read.pdf
- Proposed Overhaul of North Carolina Security Breach Notification Law Would Make It One of the Toughest in the Nation - Wyrick Robbins
- Global Privacy Push Drives Need for Security, Privacy Alignment
- Opinion | Why You Can No Longer Get Lost in the Crowd - The New York Times
- HHS Lowers Some HIPAA Fines - GovInfoSecurity
- The revised maximum annual penalties violations of HIPAA provisions are:
No knowledge - i.e. an entity did not know it was violating a provision - $25,000;
Reasonable cause, and not willful neglect - $100,000;
Willful neglect, but with timely correction (within 30 days) - $250,000;
Willful neglect that is not timely corrected - maximum annual penalty remains at $1.5 million.
- Belgian Data Protection Authority Releases 2018 Annual Activity Report | Privacy & Information Security Law Blog
- NIST launches development of a privacy framework
- New Jersey Amends Data Breach Law to Include Online Account Information | Privacy & Information Security Law Blog
- My Takeaways from the 2019 DBIR Report | Daniel Miessler
- How to use dnsenum for dns enumeration - Kali Linux
- Direct Liability of Business Associates | HHS.gov
- Useful links on various AWS topics | Techbrainblog
- Pi-Hole problem with dnsmasqd, LXD | Nelson's log
- BlueKeep vulnerability: Microsoft warns about a wormable malware epedemia | Born's Tech and Windows World
- The Fascinating World Of Solder Alloys And Metallurgy | Hackaday
- Staff break IT rules in order to do their jobs with management the worst offenders
- Pain Points in Mortgage Lending | Tallan Blog
- Home lab setup, part 1 -
- China Prepares To Drop Microsoft Windows -- Blames U.S. Hacking Threat | Tux Machines
- What I Learned Trying To Secure Congressional Campaigns (Idle Words)
- The Coming Cyber War
- AND…now comes digital transformation…
- NVMe on Linux | Network World
- What's new with Red Hat Enterprise Linux 8 and Red Hat Virtualization | Tux Machines
- Gigabyte's next-gen SSD shows the incredible potential of PCIe 4.0
- Files Exposed Online Hit 2.3 Billion - Server Message Block Worst Culprit
- 6 Ways to Check Which Versions of .NET Framework Are Installed
- How to Debug a Bash Script like a Boss – Linux Hint
- Kubernetes Storage on vSphere 101 - The basics: PV, PVC, POD - CormacHogan.com
- Our thoughts on the new Java release system
- 24 Google Docs Templates That Will Make Your Life Easier
- Power Outage Corrupted XFS Filesystem | How I Fixed It – CubicleNate's Techpad
- Global Privacy Concerns: The Top 5 Cities Using Invasive Tech | Webroot
- The 5 keys of an Operator’s Security Plan for a health service - Security Art Work
- Zero Day Initiative — The May 2019 Security Update Review
- Civil Engineering Explained | Diary of a Network Geek
- Errata Security: A lesson in journalism vs. cybersecurity
- Errata Security: Your threat model is wrong
- Managing Your Security Logs: More than Just Set and Forget - Delta Risk
- Zero Day Initiative — CVE-2019-0708: A Comprehensive Analysis of a Remote Desktop Services Vulnerability
- Configure Azure Service Endpoints for Web Applications #Azure #ASE #Endpoints #AzureServiceEndpoints #webapp #AzureDevOps | Robert Smit MVP Blog
- Go Memory Management - Povilas Versockas
- Go Memory Management Part 2 - Povilas Versockas
- Go Memory Management Part 3 - Povilas Versockas
- List all SPNs in Active Directory | Mohammed Wasay
- Linux RAID-10 may not always be the best performer, but I don’t know why – The ongoing struggle
- How to Install AzCopy for Azure Storage - Thomas Maurer
- Information Security Mental Models – Chris Sanders
- Nearly 1 million Windows machines with BlueKeep vulnerability | Born's Tech and Windows World
- Update: The “wormable” Win XP/Win7 RDP security hole, BlueKeep, still hasn’t been cracked @ AskWoody
- How to control what employees can view and edit in Delve User Profiles - SharePoint Maven
- Cloud : Who are the gatekeepers now? | The ORACLE-BASE Blog
- The IT world has changed. The traditional power bases are eroding, and you’ve got to adapt to survive. Every time you say “No”, without offering an alternative solution, you’re helping to make yourself redundant. Every time you say, “We will need to investigate it”, as a delaying tactic, you’re helping to make yourself redundant. Every time you ignore new development and delivery pipelines and platforms, you are sending yourself to an early retirement. I’m not saying jump on every bandwagon, but you need to be aware of them, and why they may or may not be useful to you and your company.
- IPv6 Support in Microsoft Azure « ipSpace.net blog
- Your Guide To A Successful Presentation -
- How to deal with a jet lag, a few tips from a frequent traveller. - robbeekmans.net
- Rules of a thumb
Flying to the US – long day ahead, keep busy until 9-10pm
Adjust your sleeping rhythm in the US to as close as possible to your home rhythm
Careful with the booze
Careful with the calories
Sleep when flying home, you have a long day ahead
Get up on time, no sleep over the first week
Keep busy the first few days, tire your body.. clean the house (help your partner for once ;). )
No coffee after 3pm (before; loads)
I noticed by following these rules I still feel the jet lag but sleep soon after going to bed (might take half an hour where otherwise I would sleep seeing the bed).
- Jaffar's (Mr RAC) Oracle blog: Network design for Oracle Cloud Infrastructure
- Linux Scripting, Part III – DBAKevlar
- Failure is Not an Option — It’s a Requirement! | The SSD Guy
- Stage 0: “If it ain’t broke, don’t fix it.” This is a reactive solution to issues as they arise, that combines a lack of understanding of the workload with a penchant to purchasing to higher specifications than actually required leading to high costs.
Stage 1: “Test in production… and pray!” In this scenario equipment is slowly ramped into production with expansion plans based on vendor specifications. In some cases this results in unexpected failures some months after deployment, with highly-visible disruptions.
Stage 2: “Validation with freeware tools.” More sophisticated than the preceding scenarios, this one still has its problems. A mix of tools, including IOMeter, IOZone, Dbench, Fstress, and others, were designed for smaller workloads than GoDaddy’s massive systems. Not only do they fail to resemble the actual load, but they prove cumbersome to use in this magnitude of a system.
Stage 3: “Validation with custom tests.” GoDaddy developed a test the company calls “SwiftTest” that has been specially designed for the correct type of validation. The tool validates against full scale operation loads on a realistic emulation of the company’s production workloads.
Most importantly, though, is that SwiftTest is ramped up over the course of a few days to find where a new component will predictably fail. By doing causing these failures the storage team at GoDaddy can accurately predict the conditions under which new resources will be required, without guesswork. They don’t over-buy, and they reduce storage system failures.
But the key point is that they hammer on a piece of equipment until it breaks, and use that knowledge to plan their resources. The system’s failure is key to this understanding. Failure is a requirement!
- Understanding disaster recovery options for SQL Server
- Why is HPE 3PAR not moving to NVMe SSDs (yet)? | Architecting IT
- Why local governments are a hot target for cyberattacks | CSO Online
- ESP8266 Upgrade Gives IKEA LEDs UDP Superpowers | Hackaday
- Auction for a laptop full of malware closes at $1.2 million
- A threat actor scans Windows systems for BlueKeep vulnerability | Born's Tech and Windows World
- SignalsEverywhere: ADS-B Aircraft Tracking with RTL-SDR, dump1090 and Virtual Radar Server
- Short Article Explaining DSP Basics Without Math
- Assessing your disk performance and your needs: Choosing your Azure storage disks (Part 3) – Dynamics AX in the Field
- Walmart's New Way To Cut Health Costs: Better Medical Imaging For Workers : Shots - Health News : NPR
- Accountability vs. responsibility | Seth's Blog
- PerfView Hard Core CPU Investigations (Using CPU Counters) on Windows 10 – Vance Morrison's Weblog
- Office 2016 vs. Office 365: Differences and Licensing | Windows OS Hub
- Pragmatic Debian packaging (2019) | Vincent Bernat
- Microsoft 365 Licensing Diagrams | Alexander's Blog
- Intel Loses 5X More Average Performance Than AMD From Mitigations: Report
- UPenn Medicine's AI tool for data analytics is open-source, free to the public
- OpenJDK 8 and 11: Still in safe hands - Red Hat Developer Blog
- Health Port: Creates Solution for Open Source Electronic Health Records
- Bluetooth's Complexity Has Become a Security Risk | WIRED
- WannaCry? Hundreds of US schools still haven’t patched servers [Updated] | Ars Technica
- How To Enable Or Disable SSH Access For A Particular User Or Group In Linux? | 2daygeek.com
- Moody's downgrades Equifax outlook to negative, cites cybersecurity
- Lack of Secure Coding Called a National Security Threat
- After 2 Years, WannaCry Remains a Threat - BankInfoSecurity
- Here's all the important stuff Google announced at I/O 2019
- MIT AI model is 'significantly' better at predicting breast cancer
- Super Micro will move chip production out of China to avoid spying claims
- A ransomware attack is holding Baltimore's networks hostage
- A parent's guide to raising a good digital citizen
- Hacker Summer Camp 2019 Preview · System Overlord
- Windows Incident Response: Lessons From Time In The Industry
- Geometry in Image Forensics – We are OSINTCurio.us
- Basics of Breach Data – We are OSINTCurio.us
- Security of Connected Vehicles - Part IRafeeq Rehman – Personal Blog
- Mod Security Web Application Firewall
- Scottish Government Security Basics
- Cyber Essentials
- Continuous Integration. Continuous Delivery. Continuous Security? - via @codeship | via @codeship
- Ubiquiti Networks - Training Courses
- Healthcare Exchange Standards: FHIR Security & Privacy activities
- Singapore eHealth - Innovative Technologies and Security ~ Cyber Thoughts
- Introduction to analysing full disk encryption solutions | DiabloHorn
- Sunlight for the Ransomware Data Recovery Industry
- Sodinokibi Ransomware Poised to Impact Larger Enterprises
- DHS-CERT Alert 10KBLAZE | Onapsis
- Beyond wealth: What happens AFTER you reach financial independence?
- An introduction to square-foot gardening
- Episode 19: Democratizing Cybersecurity | Linux Journal
- Blindered by the GDPR | Linux Journal
- All About ITIL Levels and Their Badges – Running Your Business
- Kubernetes security: 4 strategic tips | The Enterprisers Project
- WebAuthn Web Authentication with YubiKey 5 | Linux Journal
- Java mon amour: good old friend JMeter
- Vulnerability Management vendors and Vulnerability Remediation problems | Alexander V. Leonov
- Code IB 2019: Vulnerability Management Masterclass | Alexander V. Leonov
- First American security flaw leaked 885 million real estate documents
- Ransomware attacks in US cities are using a stolen NSA tool
- What Is UFS 3.0? — The Powerful Successor To microSD Memory Card
- Here Are The Companies Who Have Banned Huawei
- Huawei Cannot Use microSD Cards In Its Future Devices
- How to Weaponize the Yubikey - Black Hills Information Security
- Portable Retro Game Console with 7.9-inch display | Hackaday.io
- Sound Card ADCs For Electrocardiograms | Hackaday
- A Farmer’s Guide to Technology | Hackaday
- Faxsploit – Exploiting A Fax With A Picture | Hackaday
- What Happened With Supermicro? | Hackaday
- Picking the Right Sensors for Home Automation | Hackaday
- Making a Dash Button Update Your To-do List | Hackaday
- Forget Artificial Intelligence; Think Artificial Life | Hackaday
- Shadowhammer, WPA3, and Alexa is Listening: This Week in Computer Security | Hackaday
- Windows Utility Helps ID Serial Ports | Hackaday
- Building A Windows 10 1903 (May 2019 Update) Reference Image with MDT – Stick To The Script
- Deploying A Windows 10 1903 (May 2019 Update) Reference Image with MDT – Stick To The Script
- Configuring Oracle DB data source in JBoss EAP 7.1 - Blog dbi services
- Documentum - Delete Remote Docbase - Strange behavior - Blog dbi services
- The Smart Conference Badge We Almost Failed Shipping
- Everything We Know About SpaceX’s Starlink Network | Hackaday
- By The Numbers: Which Rapper’s Rhymes Are The Freshest? | Hackaday
- Protecting Information Assets and IT Infrastructure in the Cloud | Data Protection: Avamar, NetWorker, Data Domain, RecoverPoint, CSM
- US companies waste over two months a year resetting passwords
- .NET Framework is dead -- long live .NET 5
- Lack of security and operations basics leave businesses unprepared for breaches
- Three options companies should consider for backup & storage in 2019
- Reported data breaches up more than 56 percent
- Americans are overconfident about cybersecurity
- New privacy regulations mean your company needs better data management now
- 46 percent of organizations consider taking personal data out of the cloud
- New tool helps protect sensitive data on Oracle databases
- Half of companies missed GDPR compliance deadline
- Media server Serviio 2.0 adds multi-user streaming
- The changing landscape of cybersecurity
- Should I build a new media PC?
- Windows 10 V1903: Security Baseline final released | Born's Tech and Windows World
- David A. Wheeler's Blog
- GDPR one year on -- what have we learned and what happens next?
- 72 percent of cyber security professionals have considered quitting over lack of resources
- Cable Management Tips for Building Your New PC Like a Pro
- The 12 Best Search Engines to Explore the Invisible Web
- How to Install Windows 10 From a Bootable USB Drive
- Providing Healthcare Information Services in Small and Rural Libraries » Public Libraries Online
- The Illusion of "Doing Many Things" - briancasel.com
- If You Worry About 768K Day, You’re Probably Doing Something Wrong « ipSpace.net blog
- Ubiquitous VMware | Architecting IT
- Quick post: DISM and Features on Demand (FOD) | >_
- Talking to college students about information security · major.io
- Video: Finding Performance Bottlenecks of Windows Based Systems with PowerShell – Mike F Robbins
- Newbie Guide to Systems Engineering — ThinkCharles.net
- New – Opt-in to Default Encryption for New EBS Volumes | AWS News Blog
- Master VMware logging with these tools and strategies
- The problem with Googling for solutions | The ORACLE-BASE Blog
- Dissecting 190416 BP, PSU, RU and RUR - DBA - Rodrigo Jorge - Oracle Tips and Guides
- Re-partitioning | Oracle Scratchpad
- Storage Executive Software
- Some Thoughts on Program-Level College Scorecard Data – Robert Kelchen
- Digital Forensics vs. Computer Forensics - Data Narro, LLC
- SQL Injection Protection - Data Security and Privacy - Thomas LaRock
- Examples of using Machine Learning on Video and Photo in Public « Oralytics
- Oracle ACE Program : How you "align" matters! | The ORACLE-BASE Blog
- The Hidden Gem that is StorPool | Architecting IT
- Some Btrfs vs Ext4 random-read/write performance observations | Ctrl blog
- BlueKeep: Windows Remote Desktop Services vulnerability exploits status | Born's Tech and Windows World
- Microsoft Azure Networking Slide Deck Is Ready « ipSpace.net blog
- Measuring Linux IO read/write mix and size – The ongoing struggle
- Connecting Go Lang to Oracle Database « Oralytics
- Which JDK should I use now?
- Java 8 vs Java 11 - What are the Key Changes?
- 5 of the Best LaTex Editors for Linux - Make Tech Easier
- DevOps salaries: 10 statistics to see | The Enterprisers Project
- Open source thermostat runs openHAB on a Raspberry Pi Zero W
- Good News! Indian State Saves $428 Million by Choosing Linux
- CGroup Interactions | Linux Journal
- GitHub - arendst/Sonoff-Tasmota: Provide ESP8266 based itead Sonoff with Web, MQTT and OTA firmware using Arduino IDE or PlatformIO
- Red Hat enables Lockheed Martin to deliver F-22 Raptor upgrades - Help Net Security
- 5 Open Source Wi-Fi Hotspot Solutions - DD-WRT, CoovaAP - Reports - LinuxPlanet - Linux Today Blog
- PiShrink - Make Raspberry Pi Images Smaller - OSTechNix
- How to Encrypt Linux Partitions with VeraCrypt on Ubuntu
- Data in a Flash, Part II: Using NVMe Drives and Creating an NVMe over Fabrics Network | Linux Journal
- DLNA server with MiniDLNA under Linux / Raspberry Pi – Unixblogger
- Kubernetes - Role Based Access - The IT Hollow
- 88 Important Truths I’ve Learned About Life
- How to Get Longer Life Out of Your Dell Laptop Battery | b3n.org
- Activist hacking declined 95 percent since 2015
- Activist hacking declined 95 percent since 2015
- Career advice I wish I'd been given when I was young - 80,000 Hours
- The State of IT Transformation: Legacy Infrastructure Jeopardizes Transformation Initiatives | APMdigest - Application Performance Management
- Chris's Wiki :: blog/solaris/OmniOSNo10GCost
- Chris's Wiki :: blog/sysadmin/InspectingTLSWithCertigo
- Chris's Wiki :: blog/unix/XtermKeybinding
- Blockchain for Impact: Blockchain Revolution Global Event Wrap-Up | Beth's Blog
- Application-Focused Backups | Architecting IT
- 0day "In the Wild"
- Oracle GoldenGate 19c is available for download for Linux
- VDI 3D Graphics and Game Demo - Horizon, GRID, vGPU - The time I've wasted on technology...
- Outsourcing my life: Why I pay others to do tasks I could do myself
- ‘Temporary Insanity’ Returns To Wall Street – The Felder Report
- 6 Tech Trends Dominating DevOps in 2019 – Running Your Business
- 4 Reasons Why Using Resumonk Can Help You Land the job You've Always Wanted – Business Ideas
- 5 Amazing Statistics About Remote Companies – Business Ideas
- The Pink Tax: The Hidden Cost Of Being Female | Get Rich Slowly
- Should You Care About an Inversion in the Yield Curve? – Business Ideas
- Linux Scripting, Part II – DBAKevlar
- You Don’t Want To Be A Rock Star | The Networking Nerd
- Howto Reinstall WSUS from Scratch - The time I've wasted on technology...
- Start with "Why?" | Data Protection: Avamar, NetWorker, Data Domain, RecoverPoint, CSM
- Droplet Computing: The Drip, Drip Effect – Michelle Laverick…
- Mentoring Someone with Imposter Syndrome
- [Howto] ara – making Ansible runs easier to read and understand – /home/liquidat
- How to configure Windows Sandbox - Thomas Maurer
- Best Practices for Signing a Windows PowerShell Script
- Benchmarking Competencies for Digital Performance - Part 1 | APMdigest - Application Performance Management
- Setup SSH Keys on Ubuntu 18.04 - Low End Box Low End Box
- The Mythical Eight Hour Workday – Ethan Banks
- Get Shortcut contents in Powershell – Dimitri's Wanderings
- Powershell criticism: Part 2 – Dimitri's Wanderings
- Powershell criticism part 1 – Dimitri's Wanderings
- Start Stop service rights to non administrators – Dimitri's Wanderings
- Architecture for the cloud vs. on-premises – Dimitri's Wanderings
- Free Disk space on Windows drive – Dimitri's Wanderings
- Chris's Wiki :: blog/linux/AlpineOverNFSFix
- Chris's Wiki :: blog/linux/Ubuntu1804OddKernelPanic
- Data Breach revealed 1.5 Million Freedom Mobile Customers | Born's Tech and Windows World
- BitLocker management in enterprise environments | Born's Tech and Windows World
- Fifty Questions to Ask a Startup Founder During an Informational Interview — Stephanie Hurlburt
- Oracle 18c and 19c on Oracle Linux 8 (beta) | The ORACLE-BASE Blog
- Oracle Senior Architect: Web Logic Server 11g
- Writing Linux Scripts- Part I – DBAKevlar
- Top 10 Oracle E-Business Suite Security Risks | Integrigy
- Ethics in the AI, Machine Learning, Data Science, etc Era « Oralytics
- Python transforming Categorical to Numeric « Oralytics
- Data Sets for Analytics « Oralytics
- Guide to using and installing WSUS on Windows Server Core 2019 - The time I've wasted on technology...
- Machine Learning Tools and Workbenches « Oralytics
- APEX Connect 2019 - Day 3 - Blog dbi services
- APEX Connect 2019 - Day 2 - Blog dbi services
- APEX Connect 2019 - Day 1 - Blog dbi services
- IT And The Exception Mentality | The Networking Nerd
- VCP6.7-DCV Objective 7.15 - Utilize VMware vSphere Update Manager (VUM) | ESX Virtualization
- Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond
- Data Protection in a Multi-Cloud World | Architecting IT
- Making the Case for SAN 2.0 | Architecting IT
- QLC NAND - What can we expect from the technology? | Architecting IT
- SQL Server 2017 RTM CU14 + GDR Released - Microsoft Tech Community - 566368
- OS/2 Museum | OS/2, vintage PC computing, and random musings
- VCDX181.com - SAP grants support for SAP HANA 2.0 on VMware...
- Run WSUS cleanup and index script on Windows Server Core without SQL Management Studio - The time I've wasted on technology...
- VCP6.7-DCV Objective 2.3 - Describe the options for securing a vSphere environment | ESX Virtualization
- Apple Patches ZombieLoad Vulnerabilities - TidBITS
- Best Creamy Lemon Parmesan Chicken Recipe - How to Make Creamy Lemon Parmesan Chicken
- CLI Still Sucks for Automation · Lindsay Hill
- Amazon S3 Path Deprecation Plan – The Rest of the Story | AWS News Blog
- How to list the naa-numbers of LUNs and VMware VMFSs on a Dell EMC Unity system - 50mu - about storage
- Tom's Top Ten Things Executives Should Know About Software - ACM Queue
- SAP on AWS Update – Customer Case Studies, Scale-Up, Scale-Out, and More | AWS News Blog
- A List Of What Makes WiFi 6 Technically Better ? - EtherealMind
- CCNA Training » OSPF Neighbor Sim
- Real-Life Data Center Meltdown « ipSpace.net blog
- Webcast – Install & Configure SQL Server with PowerShell DSC | SQLvariations: SQL Server, a little PowerShell, maybe some Power BI
- Chatterbox is a DIY Kids Smart Speaker that Features Open-Source and Private Voice Assistant, Mycroft - Voicebot
- Top list of computer forensics software – Linux Hint
- Chris's Wiki :: blog/tech/TLSCertificateIdentity
- Turbonomic 2019 State of Multi-Cloud Report – vcdx133.com
- Japan Is Developing First Computer Virus To Prevent Cyber Crimes
- Adding USB 3.0 Drivers to Windows 7 Install Media | Windows OS Hub
- Improving Application Performance with NVMe Storage - Part 1 | APMdigest - Application Performance Management
- New Security Baseline for both Windows 10 and Windows Server | KC's Blog
- Powershell Backup Script-Sharing Knowledge | Erwin Bierens Blog
- CentOS 7 – Windows Active Directory Integration using SSSD | geekdudes
- The Idiot made a Smart Mirror – Jon Spraggins
- Powershell Enable / Disable / Set / Show Windows Web Proxy-Sharing Knowledge | Erwin Bierens Blog
- How to import your existing SSH keys into your GPG key ! even the horse knew
- How to manage multiple SSH keys | Opensource.com
- Dell Technologies World 2019 – (Fairly) Full Disclosure | PenguinPunk.net
- D4stiny (Bill Demirkapi) · GitHub
- 18 Quick 'lsof' command examples for Linux Geeks
- Raspberry Pi Streams Music Using Only the Default Linux Tools | Hackaday
- Open source security: The risk issue is unpatched software, not open source use - Help Net Security
- How to geotag photos on Linux with Otto | Tōkyō Made
- Data in a Flash, Part I: the Evolution of Disk Storage and an Introduction to NVMe | Linux Journal
- Routing from a single public IP with Azure Firewall -
- dnsperf | DNS-OARC
- GitHub - DNS-OARC/flamethrower: a DNS performance and functional testing utility (by @NS1)
- New Features Coming to Debian 10 Buster Release - It's FOSS
- Dell Technologies World 2019 – Media Session – Architecting Innovation in a Multi-Cloud World – Rough Notes | PenguinPunk.net
- Dell Technologies World 2019 – Wednesday General Session – Optimism and Happiness in the Digital Age – Rough Notes | PenguinPunk.net
- Dell Technologies World 2019 – Tuesday General Session – Innovation to Unlock Your Digital Future – Rough Notes | PenguinPunk.net
- Dell Technologies World 2019 – Monday General Session – The Architects of Innovation – Rough Notes | PenguinPunk.net
- Dell EMC Announces Unity XT And More Cloudy Things | PenguinPunk.net
- Free Veeam VMCE Study Guide Download | ESX Virtualization
- New – Amazon Managed Blockchain – Create & Manage Scalable Blockchain Networks | AWS News Blog
- New – Amazon S3 Batch Operations | AWS News Blog
- Building Serverless Pipelines with Amazon CloudWatch Events | AWS News Blog
- hashing - Is there a built-in checksum utility on Windows 7? - Super User
- certUtil -hashfile pathToFileToCheck [HashAlgorithm]
- Design BOMs & my vSAN licensing cheat sheet mind map – Elastic Sky
- vCenter Server Appliance CLI - JSON Creator · davidstamen.com
- Blue circle in the vSphere client after upgrading to vCenter Server 6.7 Update 2 - ivobeerens.nl
- Unimus
- PCI ASV Partners - Clone Systems, Inc.
- AWS re:Inforce 2019 – Security, Identity, and Compliance | AWS News Blog
- Network Security right from the Beginning – Introducing DHCP-over-TLS (DoT) •
- CISSP certificate - II. Personal experience - Security Art Work
- CISSP certificate - I - Security Art Work
- Helping CISOs and Board Members Communicate on Risk: A Shared Assessments Summit 2019 Recap | Security Architects Partners
- Windows Incident Response: Registry Transaction Logs, pt II
- Windows Incident Response: Latest Testing: The Windows Registry, pt I
- Windows Incident Response: LNK Files In The Wild
- Unhardened Web Servers in Tor Have No Anonymity – We are OSINTCurio.us
- Certificates: The OSINT Gift that Keeps on Giving… – We are OSINTCurio.us
- Basic OPSEC Tips & Tricks for OSINT researchers – We are OSINTCurio.us
- So You Want to Red Team? · System Overlord
- The Difference Between Classical Liberalism and Libertarianism | Daniel Miessler
- Cybersecurity | Daniel Miessler
- The Difference Between Goals, Strategies, Metrics, OKRs, KPIs, and KRIs | Daniel Miessler
- Optimizing a Security Assessment Engagement
- Django vs. the OWASP Top 10 - Part 1
- SANS Digital Forensics and Incident Response Blog | A few Ghidra tips for IDA users, part 2 - strings and parameters | SANS Institute
- SANS Digital Forensics and Incident Response Blog | A few Ghidra tips for IDA users, part 1 - the decompiler/unreachable code | SANS Institute
- SANS Digital Forensics and Incident Response Blog | A few Ghidra tips for IDA users, part 0 - automatic comments for API call parameters | SANS Institute
- Robert Penz Blog » Howto install Wireguard in an unprivileged container (Proxmox)
- Security baseline (DRAFT) for Windows 10 v1903 and Windows Server v1903 – Microsoft Security Guidance blog
- The Azure Security Model, Part 1 - Access Control Basics
- Cyber Security First Step for Industrial IoT - JPCERT/CC Eyes | JPCERT Coordination Center official Blog
- SOAR: Doing More with Less
- Google Online Security Blog: Gmail making email more secure with MTA-STS standard
- Google Online Security Blog: The Android Platform Security Model
- Errata Security: Programming languages infosec professionals should learn
- USWDS: The United States Web Design System
- Throw Away Drives | Diary of a Network Geek
- California Assembly’s Privacy Committee Votes to Weaken Landmark Privacy Law | Electronic Frontier Foundation
- Hardware Hacking 101 - Lesson 3: Abusing UART (U Are RooT) - The Ethical Hacker Network
- The growing demand for managed detection and response (MDR) | CSO Online
- Navigating the AI hype in security: 3 dos and 2 don'ts | CSO Online
- Why your business continuity and disaster recovery plans should account for EMP attacks and GMD events | CSO Online
- GandCrab attackers exploit recently patched Confluence vulnerability | CSO Online
- Facebook Setting Aside Up To $5 Billion For Privacy Violations : NPR
- Ransom amounts rise 90% in Q1 as Ryuk increases
- Guide: Three Pillars of Preventing Business Email Compromise and Wire Fraud
- Why Asset Management is so important for Vulnerability Management and Infrastructure Security? | Alexander V. Leonov
- After Pentagon Ends Contract, Top-Secret Scientists Group Vows To Carry On : NPR
- Cumulative Update #17 for SQL Server 2014 SP2 - Microsoft Tech Community - 462772
- Largest Leak in History: Email Data Breach Exposes Over Two Billion Personal Records - CPO Magazine
- Multiply time by asking 4 questions about the stuff on your to-do list |
- Java mon amour: Jenkins enable project based security
- Java mon amour: WebLogic Security documentation
- The Wistar network emulator | Open-Source Routing and Network Simulation
- 3 Flourishing Sales Funnel Examples You Ought to Learn From – Online Businesses
- Oracle Security Alert CVE-2019-2725
- Intel’s Optane: Two Confusing Modes. Part 3) App Direct Mode | The SSD Guy
- Oracle Database 19c (19.3) : Installations, RAC, Data Guard etc. | The ORACLE-BASE Blog
- ncubeeight: My 20 years of web
- Learn Ansible By Doing With These Courses And Hands-On Labs - Linux Academy
- Early warning system | Joinup
- blueprint for clinician-led open software design.
- iLO recovery broken flash | panticz.de
- Set Up ParseDMARC on Ubuntu 18.04, 16.04 Server to Analyze DMARC Reports
- VMware ESXi Boot Failure from USB or SD Card with HPe iLO Amplifier and InfoSight - The time I've wasted on technology...
- Blue Zones: Financial Lessons From the World’s Oldest People — My Money Blog
- Big Data Is Big Business: Here's How to Become a Data Analyst
- Market Guide for Cloud Workload Protection Platforms - Virsec Systems
- Kanboard 1.2.7 Multiple Vulnerabilities
- Threat Modeling Methodology | OCTAVE, STRIDE, PASTA,Trike, VAST
- ZeroSec - Adventures In Information Security
- ZephrFish (ZephrFish) / Repositories · GitHub
- DNS Service Discovery (DNS-SD)
- CoreDNS: DNS and Service Discovery
- Pragmatic Blog: Denis Rechkunov – Paranoid Habits. Security Tips
- Understand Your Sphere of Control | #Resolve2015 | Keri Duce | Gross, Point-Blank
- Shadowing RDS 2012 Sessions – Ryan Mangan's IT Blog
- GitHub - gabemarshall/eversec_ctf: Public repo for the Eversec CTF.
- Correlating build numbers and versions of VMware products (1014508)
- MARS_GUUG2016.pdf
- Thomas_Schoebel-Theuer_-_MARS_Light__Replicating_Block_Devices_over_Long_Distances.e2308.pdf
- The World's Largest Repository of Historical DNS data
- Tell it to your Teddy Bear | Talk About Quality
- Red Team Toolkit Essentials, Tim Roberts
- Introducing: Detection Lab – Chris Long – Medium
- Active Directory Visualization for Blue Teams and Threat Hunters
- Three ways to pass credentials in a Powershell Script | Energized About PowerShell
- Export all windows domain computers to CSV from windows | SvennD
- EU law could fine sites for not removing terrorist content within an hour
- GitHub - clong/DetectionLab: Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices
- The Journey to Try Harder: TJnull’s Preparation Guide for PWK/OSCP | NetSec Focus
-
- DNS Ping Scans via Open Resolvers
- Cybersecurity Bill Of Materials For Medical Devices: What’s Next
- SPNEGO - Wikipedia
- IEZoneAnalyzer v3.5 with Zone Map Viewer – Microsoft's USGCB Tech Blog
- Slido - Audience Interaction Made Easy
- Sidewalk Labs' street signs alert people to data collection in use
- CIA claims Huawei is funded by Chinese state security
- Chris's Wiki :: blog/links/SystemDashboardDesign
- Using SetupDiag.exe to Diagnose Windows 10 Upgrade Errors | Windows OS Hub
- Organizations Fail to Test Cybersecurity Incident Response Plans | APMdigest - Application Performance Management
- How to Use the Microsoft Anti-Malware Script Interface
- Java and Tomcat Updates : Vagrant and Docker | The ORACLE-BASE Blog
- Linux Server Hardening Using Idempotency with Ansible: Part 3 | Linux.com | The source for Linux information
- Cloud Security » Linux Magazine
- WOPR: Security Loses Some of its Obscurity | Hackaday
- Transcending the Stack with the Right Network Protocol | Hackaday
- The CD Is 40, The CD Is Dead | Hackaday
- The fast WekaIO file system saves you money! - FastStorage
- Digital Trust & Safety: Go beyond fraud prevention with Sift | Sift
- RSS Guard 3.5.7 - Neowin
- VSCodium - The advanced editor
- Top 25 Best Free Medical Imaging Software for Linux System
- Cops Are Increasingly Using Google's Location History Data To Nab Criminals
- Driftnet on Debian: Sniffing images within a network – Linux Hint
- Data Collection Standards in Privacy Legislation: Proposed Language - Lawfare
- Principles of AI Governance and Ethics Should Apply to All Technologies - Lawfare
- Estate Planning for Your Digital Assets: Smart Planning for Your Digital Demise | DennisKennedy.Blog
- Skills for Tech Pros of Tomorrow - Part 1 | APMdigest - Application Performance Management
- Using SSH Keys to connect to your VPS – Low End Box
- Linux Blackhole Tutorial – Adding and Removing A Null Route – Low End Box
- Create Team and Channels with PowerShell |
- Home Lab Information Management – Notes from MWhite
- Monoprice Maker Ultimate 3D Printer Review: Part 1 - set up and initial print
- Is it Elastalert? No – it’s NiFi!! – David Vassallo's Blog
- Consuming Netflow using NiFi – David Vassallo's Blog
- Early Retirement Extreme: — a combination of simple living, anticonsumerism, DIY ethics, self-reliance, resilience, and applied capitalism
- What is a zombie (comatose) server, and why should I care?
- Dread Pirate Roberts 2, the 'guiding mind' of Silk Road 2.0, jailed for over 5 years
- Thomas White, the founder of notorious website Silk Road 2.0, has been jailed for five years and four months by a UK court.
White, also known as Dread Pirate Roberts 2, was charged with not only running Silk Road 2.0 -- the site through which he earned hundreds of thousands of dollars per day on the dark web
Silk Road 2.0 had been set up by White with Blake Benthall (also known as DefCon) from the US after the FBI closed down the original Silk Road marketplace in 2013. White's pseudonym (or one of them, at least), was a nod to Ross Ulbricht, who was arrested for running the first site and used the name Dread Pirate Roberts.
- 2019 Women in Tech Report - HackerRank
- Tax identities up for sale on the dark web
- previous year's W-2 forms and 1040 forms available on the dark web at relatively low cost, ranging from $1.04 to $52. Names, social security numbers and birthdates can be obtained for a price ranging from $0.19 to $62.
There are also how-to guides on illicitly cashing out tax returns available for as little as $5.
- PC-as-a-Service or managed device services? The difference matters
- 61 percent of CISOs believe employees have leaked data maliciously
- 79 percent of IT leaders believe that employees have put company data at risk accidentally in the last 12 months, and 61 percent believe they have done so maliciously.
- 8 out of 10 top vulnerabilities target Microsoft products
- Eight out of 10 vulnerabilities exploited via phishing attacks, exploit kits, or RATs were targeting Microsoft products.
- 802.11ax Is NOT A Wireless Switch | The Networking Nerd
- Data center and server room considerations: What you need to know
- New VMware Security Advisory VMSA-2019-0006 - VMware Security & Compliance Blog - VMware Blogs
- Rubrik Color-Coded VM Backup Reports – Virtually Sober
- An Intro to OpenCensus - SFlanders
- virt-install + nbdkit live install | Richard WM Jones
- The Wide World of Microsoft Windows on AWS | AWS News Blog
- Windows 10 1809 and later slow on VMware | blog.erben.sk
- The issue is identified to be due to some guest OS behavior change in this version of windows 10, 1809 w.r.t thin provisioned disks and snapshots, this has been confirmed as a bug and will be fixed in the following releases – 6.5 U3 and 6.7U3, which will be released within End of this year (2019).
- 3-2-1 Backup Best Practices Using the Cloud
- 3 types of Navigation in SharePoint Online - SharePoint Maven
- The world of cybersecurity in numbers
- OSINT Framework | KC's Blog
- The EU releases guidelines to encourage ethical AI development
- Log2Ram: Extending SD Card Lifetime for Raspberry Pi LoRaWAN Gateway | MCU on Eclipse
- Under The Stairs: PowerShell 7 - Coming Soon!
- Windows hard disk space disappears – Offline files – MILOSZENGEL.com
- Lynis Overview & Installation – Low End Box
- Protecting the privacy interests of others – Blog FiascoBlog Fiasco
- Comparing and Syncing IIS Configurations - Devops Blog
- Top Colleges Aren't What You Think : NPR
- How To SlipStream Latest VMware ESXi patches into an Installation ESXi ISO File | ESX Virtualization
- Artificial Intelligence Could Improve Mammogram Accuracy : Shots - Health News : NPR
- Freed from storage failure by FreeNAS - MYstIC G
- Vrnetlab: Emulate networks using KVM and Docker | Open-Source Routing and Network Simulation
- Screen and Web scraping
- Automatic Clean-and-Updated Firewall Ruleset « ipSpace.net blog
- First Look: Microsoft Healthcare Bot | Tallan Blog
- 15 Practical Python Set Examples with a Sample Program
- Understanding lifecycle management complexity of datacenter topologies | the morning paper
- CephFS: a beginner's guide – Marksei
- joeware – never stop exploring… :) » Blog Archive » LDAP Ping and Determining Your Machine’s Site
- Cloud computing simplified: a Berkeley view on serverless computing | the morning paper
- Let’s talk about trace flags - Microsoft Tech Community - 386061
- Cumulative Update #16 for SQL Server 2014 SP2 - Microsoft Tech Community - 391101
- What if the Actual Execution Plan was always available for any query? - Microsoft Tech Community - 393387
- How To Configure a Shared Mailbox in Office 365. – TDSheridan Lab
- An example why NAT is NOT security | Sebastian Neef - 0day.work
- Active Directory Audit: Why and How | Security Architects Partners
- Ansible Dynamic Inventory for Proxmox | Lisenet.com :: Linux | Security | Networking
- Healthcare Exchange Standards: State of Healthcare Provenance today
- The 12 Worst Serverless Security Risks
- Install OpenVAS (GVM) on Kali 2019
- How CISOs should respond to the cybersecurity crisis
- The Role of Analytics in Protecting Healthcare Data Privacy and Security
- Trojan Horses for the Mind, Part 2 of Building Impactful Security Awareness Messaging
- Trojan Horses for the Mind
- Threat Detection for your Network using Kfsensor Honeypot
- Comprehensive Guide on Netcat
- In its ransomware response, Norsk Hydro is an example for us all
- Historical Communications Security | Diary of a Network Geek
- The buzz at RSA 2019: Cloud security, network security and more | CSO Online
- Under Attack: Over Half of SMBs Breached Last Year
- Threat Hunting 101: Not Mission Impossible for the ...
- 40% of Organizations Not Doing Enough to Protect ...
- 20 Years of STRIDE: Looking Back, Looking Forward - ...
- Adam Shostack
- 6 Essential Skills Cybersecurity Pros Need to ...
- The Matrix at 20: A Metaphor for Today's ...
- 12 tips for effectively presenting cybersecurity to the board | CSO Online
- Windows security updates that require new registry keys | CSO Online
- 7 keys to a successful IT security career | CSO Online
- The 6 biggest ransomware attacks of the last 5 years | CSO Online
- Cr1ptT0r Ransomware Targets NAS Devices with Old Firmware
- Dharma ransomware recovery rates fall as ransom demands skyrocket
- How to rotate your source IP address - Black Hills Information Security
- Oracle mail warns about a critical Java 8 update coming | Born's Tech and Windows World
- Security: Windows-Spoofing via .reg files | Born's Tech and Windows World
- Patch Lady – Domain admins and issues with KB4489878 @ AskWoody
- DTrace for Windows available | Born's Tech and Windows World
- This free AI reads X-rays as well as doctors
- What about a 3D Printed Mini-ITX NAS Case? - briancmoses.com
- Treat staff like adults and equals | The IT Skeptic
- Invalid State of a Virtual Machine on VMWare ESXi | Windows OS Hub
- 4 ITSM Priorities for Digital Transformation | APMdigest - Application Performance Management
- Under The Stairs: Moving from PowerShell Journeyman to PowerShell Master
- How to Fix “Trust relationship has failed” Error
- Upgrade Windows Server from Evaluation to Full
- Desired State Configuration in PowerShell
- Attach a USB Device to a Virtual Machine in VMware
- How to Split a Windows Image File (WIM to SVM)
- Automating The Installation Of VMware ESXi With PowerCLI
- VMware: Change IOPS Limit From 1000 to 1 | PeteNetLive
- Quick and Dirty Image Factory with MDT and PowerShell | Keith's Consulting Blog
- Do You Need to Update KRBTGT Account Password? | KC's Blog
- Chris's Wiki :: blog/tech/NVMeAndTechChange
- Chris's Wiki :: blog/sysadmin/OurDNSCircularDependency
- Check if Powershell Script is Running as Administrator using Snippet
- Product roadmaps are inferior to product forecasts – Blog FiascoBlog Fiasco
- Exploiting Poor SMB Configuration – ls /blog
- gallery-dl - Download Image Galleries And Collections From The Command Line - Linux Uprising Blog
- code integrity vs data security
- The impact of the GDPR - privacy matters
- openDCIM - Open Source Data Center Infrastructure Management
- Security clashes with cloud: Offensive Security CEO talks cultural mindsets, leadership challenges | ZDNet
- radare
- FinalCrypt - Free One Time Pad Encryption
- GitHub - google/grr: GRR Rapid Response: remote live forensics for incident response
- MIG: Mozilla InvestiGator
- GRR Rapid Response: remote live forensics for incident response - LinuxLinks
- IOInsight
- As Built Report | Tim Carman
- Chinese Woman Carrying Malware Allegedly Got Into Mar-a-Lago
- Mar-a-Lago's Security Problems Go Way Beyond a Thumb Drive | WIRED
- Latest Ransomware 'Xwo' Attacks PCs With Default Passwords
- Xwo
- Format your log messages in Python - Blog - syslog-ng Community - syslog-ng Community
- Security Researchers say Half Of Industrial Control System Networks Have Faced Cyber Attacks – ls /blog
- 5 open source tools for teaching young children to read | Opensource.com
- USB4: What this future standard means for USB chaos and Thunderbolt 3 | PCWorld
- The Best Antivirus Programs for Ubuntu - Make Tech Easier
- Different Ways To List Directory Contents Without Using ls Command
- Automation Could Help Organizations Manage Risk: Cybersecurity Research
- Episode #206 Running Django in Production - [Talk Python To Me Podcast]
- Former Senate IT worker pleads guilty to doxxing senators on Wikipedia
- Microsoft is shutting down its HealthVault patient record service
- US Household Spending Breakdown: Top 20% vs. Bottom 20% — My Money Blog
- My life philosophy: 50 lessons from 50 years
- The Best Business Books for Students Who Want to Be Financially Literate
- UN says US fears over Huawei’s 5G are politically motivated
- HCIBench 2.0 is Here! — ThinkCharles.net
- Indian health agency exposes details on millions of pregnant women
- Oracle 18c/19c and ActiveDirectory – Laurent Schneider
- The Renaissance of Data ONTAP | Architecting IT
- Windows Server 2019 Licensing Calculator - VirtuallyInclined.com
- Windows Server 2019 Comparison | Microsoft
- An Intro to Observability - SFlanders
- Datera and the Rise of Enterprise Software-Defined Storage | PenguinPunk.net
- New Veeam Backup & Replication Community Edition for home labs is free! | TinkerTry IT @ Home
- Terence Luk: Using wmic (Windows Management Interface Command) to remotely uninstall applications
- VAST Data – No More Tiers Means No More Tears? | PenguinPunk.net
- Glenn K. Lockwood: VAST Data's storage system architecture
- VAST decouples compute and storage – Blocks and Files
- VAST Data's Universal filesystem – Blocks and Files
- VAST Data: The first thing we do, let's kill all the hard drives – Blocks and Files
- Spectre/Meltdown Performance Impact Across Eight Linux Distributions - Phoronix
- Backups | Roadmap to Securing Your Infrastructure - Linux Academy Blog
- Wiping harddisks in 2019 - Daniel Lange's blog
- Essential System Tools: Firejail - Excellent Security Sandboxing - LinuxLinks
- Protection Poker: An agile game for mitigating risk | Opensource.com
- Antennas in Linux | Linux Journal
- Kali Linux Forensics Tools – Linux Hint
- SMB Exploited – ls /blog
- Being open builds trust | Joinup
- 25 Most Common IoT Security Threats in an Increasingly Connected World
- Economical append-only offsite backups with restic and Wasabi on Debian 10
- AWS Careers: On the Road to All 9 AWS Certifications - Linux Academy Blog
- MITRE names The Document Foundation as a CVE Numbering Authority (CNA) - The Document Foundation Blog
- How to install the OpenVAS security audit tool on Ubuntu Server 18.04 - TechRepublic
- sudo add-apt-repository ppa:mrazavi/openvas
sudo apt-get update
sudo apt install sqlite3 openvas9 libopenvas9-dev -y
sudo greenbone-nvt-syncsudo greenbone-scapdata-sync
sudo greenbone-certdata-sync
sudo systemctl restart openvas-scanner
sudo systemctl restart openvas-manager
sudo systemctl restart openvas-gsa
sudo systemctl enable openvas-scanner
sudo systemctl enable openvas-manager
sudo systemctl enable openvas-gsa
sudo openvasmd --rebuild --progress --verbose
sudo openvas-check-setup --v9
- SAP Open Sources Java SCA Tool
- Why Trust Is Key for Cyber-Security Risk Management
- Open Source Healthcare Visualizations
- “Severe” ransomware attack cripples big aluminum producer | Ars Technica
- Happy Birthday SAP Linux Lab! | e3zine.com
- NetBIOS Auxiliary Modules – ls /blog
- HAProxy - a journey into multithreading (and SSL)
- 10 Excellent Web Project Management Software - LinuxLinks
- These are the most insecure programming languages | ZDNet
- How Lockergoga took down Hydro — ransomware used in targeted attacks aimed at big business
- LockerGoga: The Dangerously Changing Face Of Ransomware
- What You Need to Know About the LockerGoga Ransomware - Security News - Trend Micro USA
- Configure two node Squid (Proxy Server) Clustering using Pacemaker on CentOS 7 / RHEL 7
- The Ingredients of a Successful Digital Transformation Strategy
- GitHub - edmunds/shadowreader: Serverless load testing for replaying production traffic. Powered by AWS Lambda.
- CopperheadOS' Android Pie update is now available for the Pixel & Pixel 2
- CopperheadOS
- 5 Ceph storage questions answered and explained
- Digital transformation, cultural modernization cannot be mutually exclusive - Federal News Network
- How to Set Up OpenStreetMap Tile Server on Ubuntu 18.04
- DSHR's Blog: Compression vs. Preservation
- Key takeaways on upgrading to Java 12
- JAVA 12 Series Index
- Quick guide to typeperf for Windows performance monitoring | Erik Wramner
- Oracle E Business Suite and Java Security What You Need to Know | Integrigy
- Oracle RAC vs. SQL Server AG – DBAKevlar
- DeployHappiness | Making Life Hard for a Phisher – How to Report a Phishing or Malicious Website
- Fast copies with Solaris 11.4 | rootpool
- Intel’s Optane: Two Confusing Modes. Part 2) Memory Mode | The SSD Guy
- Intel’s Optane: Two Confusing Modes. Part 1) Overview | The SSD Guy
- I can't stand world backup day | Data Protection: Avamar, NetWorker, Data Domain, RecoverPoint, CSM
- PSA: Isilon L3 cache does not enable with a 1:1 HDD:SSD ratio - FastStorage
- How To Install SQL Server 2019 on Linux (CentOS) - Mohammad Darab
- DHS issues warning about Medtronic implantable defibrillator flaws
- iTWire - Norwegian firm attack likely through Microsoft Active Directory: claim
- Norsk Hydro
- Benchmarking A 10-Core Tyan/IBM POWER Server For ~$300 USD - Phoronix
- Oracle vs. SQL Server Architecture – DBAKevlar
- iLO - IPMI on HP servers | panticz.de
- 40 Linux Server Hardening Security Tips [2019 edition] - nixCraft
- Bare-Bones Monitoring with Monit and RRDtool | Linux Journal
- There’s Something About Service Accounts – Active Directory Security
- What is SNIA’s Persistent Memory Programming Model? | The SSD Guy
- Terence Luk: Security tab for Internet Explorer 11 displays a lock key icon for Internet, Local intranet, Trusted sites, and Restricted sites zones
- Docker tips and tricks for your Go projects | Marco Franssen
- VCP6.7-DCV Objective 1.10 - Describe a virtual machine (VM) file structure | ESX Virtualization
- New – Gigabit Connectivity Options for Amazon Direct Connect | AWS News Blog
- Azure Blueprints: ISO27001 Shared Services - Eric’s Azure Blog
- GitHub - StreisandEffect/streisand: Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
- vSphere 6.7 Basics – Part 2 – vCenter Server Appliance Install – vcdx133.com
- Migrating DB2 Databases to Azure – DBAKevlar
- Nested ESXi Templates - EverythingShouldBeVirtual
- Azure Blueprints - Eric’s Azure Blog
- Putting AWS security services to work for you | AWS News Blog
- Alien Pastures » Explorations into the world of electronic music production
- 100 Useful Vim Commands That You'll Need Every day
- The Quiet Spread of Data Brokers Selling Your Personal Information - TidBITS
- Windows Persistence with PowerShell Empire
- Businesses Warned of Malware Spread via LinkedIn Job Offers
- Thousands of patients impacted by ransomware attack at medical billing company
- Episode 008 - What is Software Testing? - The Evil Tester Show - EvilTester.com
- Are there any programming Katas related to testing? - EvilTester.com
- What is Software Testing And Why Do We Test Software? - EvilTester.com
- Massive Database Leak Gives Us a Window into China’s Digital Surveillance State | Electronic Frontier Foundation
- Learn about computer security with the Raspberry Pi and Kali Linux | Opensource.com
- Powershell – Windows firewall rules with ports – Luka Gros
- Defending Against Remote Desktop Protocol Attacks – The Back Room Tech
- Powershell and Lotus Notes pt3 – Luka Gros
- News about the broken MSComCTL.ocx updates on Office | Born's Tech and Windows World
- MSComCTL.ocx
- The Anatomy of an AWS Key Leak to a Public Code Repository | Technodrone
- A brief history of the admins time | rootpool
- Tech Refresh as Part of an Effective Vulnerability Management Program: Part Three - Delta Risk
- Opening a New Door of Opportunity | Thom Langford
- Axonius' 'Unsexy' Tool Wins RSAC Innovation Sandbox ...
- Axonius
- It's Time to Rethink Your Vendor Questionnaire
- Vulnerability Management at Tinkoff Fintech School | Alexander V. Leonov
- An all-in-one cyber toolkit for criminal investigations - Purdue University News
- Equifax defends against scathing Senate report
- Paravirtualization
- Spy Games: the NSA and GCHQ Offer Their Software to the Open Source Community | Linux Journal
- GitHub - eerotal/LibreSignage: An open source digital signage solution
- 13-Yr-Old Girl Arrested In Japan For Posting Infinite Loop Code
- Linux In Safety-Critical Systems Is Coming Soon With Project ELISA
- ELISA
- iGen and Cyber Security Research | Whitepaper | SANS Institute
- DIY Portable KVM Crashcart From Recycled Laptop Provides VGA Display and USB Keyboard Touchpad With Optional Raspberry Pi: 14 Steps
- As the web turns 30, is it an out-of-control monster? - Japan Today
- Assessing your disk performance and your needs: Analyzing collected data (Part 2) – Dynamics AX in the Field
- Assessing your disk performance and your needs: Collecting relevant data (Part 1) – Dynamics AX in the Field
- SignalsEverywhere Video: SDRAngel How to Receive Basics Tutorial
- The Essential Microsoft Excel Formulas and Functions Cheat Sheet
- The Problem With ERP - IT Jungle
- Who Invented the First Computer and When? We Investigate
- Changes to Garbage Collection in Java 12
- Java mon amour: Kubernetes cheat sheet 2
- Java mon amour: Kubernetes cheat sheet 3
- IDEAS IN FOOD: Fried Angel Hair Parm
- Here's Why IT Teams Spend Too Much Time on Network Troubleshooting | APMdigest - Application Performance Management
- Making A Hammer With Beautiful Engravings | Hackaday
- This Cardboard Box Can Tell You What It Sees | Hackaday
- U.S. GAO - DOD Training: U.S. Cyber Command and Services Should Take Actions to Maintain a Trained Cyber Mission Force
- Remembering Eisenhower’s Middle East Force Resolution - Lawfare
- DSHR's Blog: Demand Is Far From Insatiable
- Raspberry Pi based indoor air quality monitor « Dangerous Prototypes
- DIY NAS: 2019 Edition - briancmoses.com
- Pepperdata Releases Free Big Data Cloud Migration Cost Assessment | APMdigest - Application Performance Management
- Reinventing ITSM? It's Not Going Away - Part 2 | APMdigest - Application Performance Management
- Reinventing ITSM? It's Not Going Away - Part 1 | APMdigest - Application Performance Management
- Which Windows Server 2019 Installation Option should I choose? - Thomas Maurer
- Chris's Wiki :: blog/sysadmin/ScriptsPromptImprovements
- PowerShell Automation Script for IIS installation and more. | Nerd Drivel
- Spectre and VMWare – Stuff I'm Up To
- Oracle 19c Automatic Indexing — How well it’s understood?
- Get All DCs in the Entire Forest | Mohammed Wasay
- Stop audio pops on Intel HD Audio · major.io
- Downgrade HP TPM From TPM 2.0 to TPM 1.2 - Daniel Classon
- Generating Various Types of Group Policy Reports | KC's Blog
- Exploiting secondary data with NDAS from NetApp | Architecting IT
- Applocker and PowerShell: how do they tightly work together? | >_
- Degrading qemu performance in DooM – Virtually Fun
- Getting started with Pulumi on Azure - Cloud for the win!
- Pulumi
- My awesome-podcasts List | Technodrone
- Sysadmin Stories: Running Veeam PowerShell Scripts in Non-Interactive Mode - Credentials
- End of an era, Linux to Deprecate a.out support – Virtually Fun
- BlgNetAutoSol/2_Easy_Wins at master · writememe/BlgNetAutoSol · GitHub
- Iranian hackers stole terabytes of data from software giant Citrix
- Free Morningstar Premium Mutual Fund Reports via Public Library Card — My Money Blog
- Warren Buffett CNBC Interview 2019 Full Video, Full Transcript, and Notes — My Money Blog
- Personal Finance on a 3×5 Index Card: Classic and New Young Adult Version — My Money Blog
- Big Data Is Big Business: Here's How to Become a Data Analyst
- What is money for? An evening with Vicki Robin
- Faster and bigger SSDs enable us to talk about something else than IOps - FastStorage
- How To Create A Recovery Services Vault In Azure - Blog dbi services
- Easter Egg in the Server Config Doc and How to configure Domino to restrict which groups can receive Internet mail | The Notes Guy in Seattle
- Mark Zuckerberg outlines a 'privacy-focused' revamp of Facebook
- Capsule8 Expands Linux-Based Threat Detection Platform for PCI DSS
- How To Create Fillable PDF Forms With LibreOffice Writer - Linux Uprising Blog
- SAP builds its own Java distribution | InfoWorld
- NIST and DFARS and Cyber Compliance! (oh my) « Virginia PTAP at George Mason University
- DFARS & NIST & Incident Reporting - Exostar NIST 800-171 - Exostar Documentation
- Compliance with DFARS 252.204-7012 & NIST 800-171; Expect 2019 to be the year of audit and enforcement - CyberSheath
- DFARS_final.pdf
- a495389.pdf
- 1018805.pdf
- More Than 22,000 Vulns Were Disclosed in 2018, 27% ...
- 7 cheap or free cyber security training resources | CSO Online
- Hack the Box
Pentester Academy
SANS Cyber Aces
OWASP Broken Web Apps Project
Offensive Security's free Metasploit course
Free book: Mitre's "Ten Strategies of a World-Class Cybersecurity Operations Center"
- The cybersecurity legislation agenda: 5 areas to watch | CSO Online
- The CSO and CPO role just dramatically expanded overnight | CSO Online
- Bare-metal cloud servers vulnerable to Cloudborne flaw | CSO Online
- The RDP Through SSH Encyclopedia - Black Hills Information Security
- Ransomware attacks hit Florida ISP, Australian cardiology group | CSO Online
- Unified Interface: Internet Explorer 11 Browser Update Issue – Dynamics 365 Customer Engagement Team Blog
- 'Car Talk' Lives On In Medical Education, Teaching Med Students How To Diagnose : Shots - Health News : NPR
- 5 Strategies For Answering Kids' (Super) Tough Questions : NPR
- Java mon amour: Kubernetes cheat sheets
- Java mon amour: Excellent Kubernetes Developer Certification training on Udemy
- Java mon amour: CKA Certification (Kubernetes Administrator)
- How to Sharpen Your Interview Skills With These Soft Skills Questions
- How to Record and Stream Live TV With Raspberry Pi
- HOWTO: Microsoft Certification Exam Preparation Generator – Please Work
- Leigh Johnson’s Guide To Machine Vision On Raspberry Pi | Hackaday
- Stethoscopes, Electronics, and Artificial Intelligence | Hackaday
- Hack My House: Raspberry Pi as a Touchscreen Thermostat | Hackaday
- 5 tips to help CIOs overcome patching problems
- DSHR's Blog: Economic Models Of Long-Term Storage
- Weather Station Project Overview
- Gartner: CIOs Will Be as Responsible for Culture Change as Chief HR Officers | APMdigest - Application Performance Management
- BitSight: Security Ratings Leader - Cyber Risk Management
- Home endpoints twice as likely to be infected as businesses
- The Surprising Secret to Improving Employee Engagement | Beth's Blog
- Ten things you need to know about Pass-through Authentication - The things that are better left unspoken
- Thoughts on VPNs for Road Warriors - Scott's Weblog - The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking
- The Strategy Private School Endowments Love the Most | Institutional Investor
- VulnReport Install ·
- First look on the new Azure Sentinel cloud-native with Azure Notebooks free service #Jupyter #SIEM #SIEMaaS #Azure #Sentinel | Robert Smit MVP Blog
- Learning about containers | Nelson's log
- Why I write my resume in LaTeX | Logan Marchione
- Security Thoughts: Veeam Backup & Replication leaks Azure Password in log - The things that are better left unspoken
- Saving regret — and how to avoid it
- The Trouble with Troubleshooting | APMdigest - Application Performance Management
- Chris's Wiki :: blog/sysadmin/PrometheusSubqueriesMathOverTime
- Diving into Merkle Trees
- PureBoot, the High Security Boot Process – Purism
- Strategies for securing container deployments | ITProPortal
- 5 Useful Tips for Better Tmux Terminal Sessions
- Reducing security risks with centralized logging | Opensource.com
- Full API lifecycle management: A primer - Red Hat Developer Blog
- An LA hospital will put Alexa in over 100 patients' rooms
- France’s New Offensive Cyber Doctrine - Lawfare
- Introduction to spatial joins with QGIS | Opensource.com
- Twenty years of U.S. government inflation data
- Berkshire Hathaway 2018 Annual Letter by Warren Buffett — My Money Blog
- Who Shoulders the Burden of Federal Income Taxes?
- You MUST patch 12.1.0.1 and 11.2.0.3 and older before June 2019
- The Cloud Migration Journey Series – Ather Beg’s Useful Thoughts
- SignalsEverywhere Podcast EP1: Es’hail-2, Favorite RTL-SDR Blog Posts and What SDR Should I Get?
- A Sense of Urgency: Money Can’t Buy You More Time — My Money Blog
- Internet gatekeeper warns of 'ongoing and significant' DNS attacks
- Hacking Amazon dash buttons, the hard way, with OpenWRT – Huan Truong's Pensieve
- OSSEC Installation Guide for Ubuntu - < 10 min to Raise the Defences
- Wireshark Tutorial and Tactical Cheat Sheet | HackerTarget.com
- Tcpdump Examples - 22 Tactical Commands | HackerTarget.com
- 22 SSH Examples, Practical Tips & Tunnels | HackerTarget.com
- Ubuntu, DNS, and sudo | Nelson's log
- Adding Cover Art to FLAC file from Command Line and GUI - Life of a Geek Admin
- How To Mount and Unmount ISO files using PowerShell - Life of a Geek Admin
- Nessus, OpenVAS and Nexpose VS Metasploitable
- eurobsdcon_silbersack.pdf
- Michael James Silbersack
- 800 Free eBooks for iPad, Kindle & Other Devices | Open Culture
- pki - CAC enable JBoss - Stack Overflow
- External and Federal PKI Interoperability
- TCP timestamps - ForensicsWiki
- Mitigating End of Life Technology by Bill Keyworth: BSMReview.com
- Useful WMIC Queries Computer Info | g.fisk
- Remote Desktop – Black Screen Of Death | g.fisk
- Network performance with VMXNET3 on Windows Server 2016 - Life of a Geek Admin
- Disable TCP and ICMP Timestamps - Whonix
- Patch Tuesday, February 2019 Edition — Krebs on Security
- Replacing default certificates with CA signed SSL certificates in vSphere 6.x (2111219)
- Configuring CA signed certificates for ESXi 6.0 hosts (2113926)
- Replacing ESXi SSL Certificates and Keys
- Sleeping at Night: Cybersecurity, Patient Safety and the Radiology Department
- Building A Cybersecurity Team in Radiology | Imaging Technology News
- Cybersecurity for Medical Imaging Departments – LINK
- Cybersecurity Increasingly Critical for Medical Imaging
- How to Choose Between Penetration Tests and Vulnerability Scans | EdTech Magazine
- Welcome to MWR Labs - Cyber security research and development
- CISSP Exam Changes: Tips and tricks to pass the new CAT format - YouTube
- (172) MF Prod - YouTube
- (172) Free CISSP Study Questions of the Day from IT Dojo - YouTube
- (172) Larry Greenblatt - CISSP 2018 Exam Tips - YouTube
- DoD Approved 8570 Baseline Certifications
- Major Security Breach Found in Hospital and Supermarket Refrigeration Systems
- ONTAP 9 Antivirus Configuration Guide - ECMLP2492609
- What is EMC's CAVA / Common Event Enabler? - THE SAN GUY
- Anti-virus on VNX CIFS Servers » Cyberfella Ltd
- Programming Books You Wish You Read Earlier
- 2019 Update on frameworks, standards, and regulations for infosec - Security Boulevard
- Top 30 Information Assurance Analyst Interview Questions and Answers for 2019
- Brain-hacking: Why Social Engineering is so effective - Security Boulevard
- CIPHER Selected as Top 10 Best Performing MSSP
- When it Comes to NIST 800-171 Compliance – There’s ‘On Time’ and There’s ‘Lombardi Time’ - Security Boulevard
- Cyberattacks in a Global Supply Chain: How Compliance Officers Can Mitigate Risk - Security Boulevard
- The Complete Application Security Checklist | Synopsys
- The Route of a Text Message, a Love Story - Motherboard
- DFARS Cybersecurity Audits: What to Expect
- Lessons learned from the Microsoft SOC—Part 1: Organization - Microsoft Secure
- Toyota Australia driven offline by cyber attack, as heart hospital hit by ransomware
- HoneyPy - A Low To Medium Interaction Honeypot - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- OSFClone - Open Source Utility To Create And Clone Forensic Disk Images - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- These Are the Countries With the Best and Worst CybersecuritySecurity Affairs
- Best practices for handling gaps in cloud security - TechRepublic
- Remember, data privacy is always the end goal of any security measure; don't lose sight of this fact: Protecting information is the top priority.
- Free Tool: Honey FeedSecurity Affairs
- ATT&CKized Splunk - Threat Hunting with MITRE’s ATT&CK using SplunkSecurity Affairs
- Windows® Domain Controller and Zero Trust Security | JumpCloud
- Benefits of OpenLDAP™ | JumpCloud
- How to Turn a Raspberry Pi Into a VPN-Secured Travel Router
- The Rise of Ransomware and the Consequences for SMBs
- 11 Takeaways: Targeted Ryuk Attacks Pummel Businesses
- Healthcare Exchange Standards: Segmenting Sensitive Health Topics
- Japan Security Analyst Conference 2019 -Part 2- - JPCERT/CC Eyes | JPCERT Coordination Center official Blog
- Iptables Essentials - Common Firewall Rules And Commands - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Powershell – My Setup at Work as a SysAdmin
- SEAL Training | Diary of a Network Geek
- Hacking Healthcare Live: Bits and Bytes Meet Flesh and Blood ~ Cyber Thoughts
- Ryuk Ransomware, Exploring the Technical and Human Connections
- Six tips for securing identity in the cloud – Microsoft Azure Government
- The cybersecurity legislation agenda: 5 areas to watch | CSO Online
- 7 cheap or free cyber security training resources | CSO Online
- DIY X-Ray Machine Becomes CT Scanner | Hackaday
- The Woeful World of Worldwide E-Waste | Hackaday
- Exploration of Cooking
- Bullet Journaling for Nonprofit Professionals | Beth's Blog
- Industrial Security | Tenable®
- Dtex Systems - User Behavior Intelligence
- DeployHappiness | A Universal Naming Scheme for Your Devices
- 83 percent of US organizations have accidentally exposed sensitive data
- The five most common technologies that have led to accidental data breaches by employees are external email services like Gmail and Yahoo (51 percent), corporate email (46 percent), file sharing services like FTP sites (40 percent), collaboration tools such as Slack and Dropbox (38 percent), and SMS/Messaging Apps like G-Chat and WhatsApp (35 percent).
- Wandera | Mobile Security
- Jaffar's (Mr RAC) Oracle blog: What's new in 19c - Part III (Data Guard)
- Japan scholar and translator Donald Keene dies at 96 - Japan Today
- Comprehensive Guide on Snort (Part 1)
- I'm resigning from SANS - Black Hills Information Security
- Spectre is here to stay An analysis of side-channels and speculative execution
- Data lakes, observability, and making devs awesome - SysAdmin1138 Expounds
- SEC575_iOS12_AndroidPie_Handout.pdf
- How to make Email Bot service in Python | Alexander V. Leonov
- The Average Cost of Fighting a Cyberattack Now Exceeds $1.1M | DEVOPSdigest
- $1.1M
- Automating snapshots with pyznap on Centos 7 | SvennD
- Bureaucracy survival skills – Blog FiascoBlog Fiasco
- What happened with Citrix Printing throughout 2018?!
- smbclient receiving error message: protocol negotiation failed: NT_STATUS_CONNECTION_DISCONNECTED | setaOffice
- Vulnerababe UNACEV2.DLL puts software like WinRAR at risk | Born's Tech and Windows World
- 7-Zip Version 19.00 released | Born's Tech and Windows World
- End of General Support for vSphere 6.0 - Davoud Teimouri
- 30! TIPS on how to use Amazon Web Services (AWS) more efficiently – multiple cost savers included
- Version 2.0 of the Cloud Services Cheat Sheet is now live. Get it here!
- New Community (book) project – Byte sized Cloud design principles and architectural recommendations
- 'Yame-hara' - pressuring resigning workers not to quit - Japan Today
- Yame-hara
- Oracle Multimedia will be removed in Oracle Database 19c
- Oracle 18c Express Edition (XE) for Windows is available
- Jaffar's (Mr RAC) Oracle blog: What's new in 19c - Part II (Automatic Storage Management - ASM)
- Jaffar's (Mr RAC) Oracle blog: Whats new in 19c - Part I (Grid Infrastructure)
- DigitalOcean launches its managed database service | TechCrunch
- Re-Imagining Virtualization with Kubernetes and KubeVirt - Part II – Red Hat OpenShift Blog
- Monte Carlo Simulation with Python - Practical Business Python
- How to Automate FFmpeg and Bento4 With Bash Scripts
- CPDP2019 Computers, Privacy and Data Protection conference
- 7 Key Considerations for Kubernetes in Production - The New Stack
- Script to create mount points in LVM - Kernel Talks
- How to Create Bootable Ubuntu 18.04 USB Stick on Linux | Linuxize
- Implementing Dstat with Performance Co-Pilot
- Open Science, Open Source and R | Linux Journal
- vCenter 6.5 HA Installation and Configuration - vembu
- Configuring vCenter HA - Part 1 - vembu
- How To Migrate Shares and Files with ease by using Microsoft Storage Migration Service - Part 2 | ESX Virtualization
- NVMe-oF Support is now Released! | Cody Hosterman
- NVMe-oF
- Upgrading a Basic vCenter 6.5 HA Cluster to vCenter HA 6.7 U1 – The Wifi-Cable
- Tips for writing Vester test files, part 2 | Adventures in a Virtual World
- This vegetable curry has bold flavors to keep everyone happy - Japan Today
- Basics – The FARR Model | Data Protection: Avamar, NetWorker, Data Domain, RecoverPoint, CSM
- Fault tolerance: This is your baseline protection against individual storage component failure. If a disk (or flash) drive fails, you don’t want to lose your data. While we take fault tolerance for granted as something we can control and see alerts for within an on-premises environment, there’s less visibility and control in public cloud. More so, fault tolerance doesn’t give you protection from anything other than storage unit failure.
Availability: “If a tree falls in the forest and no-one hears it, does it really make a noise?” That’s the old philosophical question that availability skirts around: if your data is online and error free, but you can’t access it, is it actually usable? Availability is about making sure you have protection against losing connectivity to the data/workload. For example: if your workload is one presented only back into the business, and the link between the business and the VPC in which it is running is lost, how do you get access to it again? Do you plan for multiple paths for availability, or do you accept a single point of failure on data/workload availability?
Redundancy: You’re hosting your service in AWS Sydney, and there’s a fire in the datacentre – what’s your failover strategy? You’ve built a whiz-bang application for your customers that relies on a back-end RDS database, and the region hosting that database starts experiencing RDS services going down. How (and to where) do you failover your database service to allow customers to keep doing what they need to do?
Recoverability: Ransomware gets into your VPC and encrypts all the data there. A developer accidentally issues a delete statement on the customer contact table within the production rather than development RDS environment. The CEO accidentally deletes critical O365 email folders. The block storage your service runs on suffers an outage and the cloud provider’s fault tolerance level was insufficient to prevent data corruption. Fault tolerance, availability and redundancy are all about avoiding as much as possible a data loss situation, but recoverability is how you handle the situation when the chips are down. Do you trust to cloud native protection, or use a mix of both? (Increasingly, mix of both is the safest, cheapest and most flexible way to go.)
- Easy 1-hour Pro Mini Classroom Datalogger [Build Update: Feb 2019] | Underwater Arduino Data Loggers
- Replacing the default (self signed) certificate on a RD Session Host server - Adrian Costea's blog
- Automating MDT Windows 10 Image Captures with Packer - WinSysBlog
- Replacing Self Signed Remote Desktop Services Certificate on Windows | Knowledge eXchange
- How to Modify Default Share Permissions and Other Tweaks • Helge Klein
- A little something about Share vs NTFS permissions
- Python, Your Friendly OSINT Helper – We are OSINTCurio.us
- Tracking All the WiFi Things – We are OSINTCurio.us
- Five Things You Can Do To Stay OSINT Curious – We are OSINTCurio.us
- Using OSINT for your personal threat model – We are OSINTCurio.us
- How to Enable Monitor Mode & Packet Injection on the Raspberry Pi « Null Byte :: WonderHowTo
- Tactical Nmap for Beginner Network Reconnaissance « Null Byte :: WonderHowTo
- Analyzing the Hacks: The Girl in the Spider's Web Explained « Null Byte :: WonderHowTo
- SSD, LVM and you: Zero data loss, LVM caching, and properly configuring your Linux box to get the most out of SSD! | The Doom'd Net
- SHA-2 patch for Windows 7 arrives on March 2019 | Born's Tech and Windows World
- How to Brute-Force Nearly Any Website Login with Hatch « Null Byte :: WonderHowTo
- How to Detect Vulnerabilities in a Web Application with Uniscan « Null Byte :: WonderHowTo
- Hubbard on Networking: AutoSSH on Odriod XU4 running Kali Linux 2
- Odriod XU4
- Hubbard on Networking: Create an HP iLo account when you don't know the Admin Password
- Hubbard on Networking: A Simple Python 3 Script for my Favorite nmap Scripts
- Hubbard on Networking: Useful Linux commands for troubleshooting WiFi
- Hubbard on Networking: Using iPerf3 to Test 2.5Gb/5Gb and 10Gb Links
- Hubbard on Networking: Update to testing 10Gb links with iPerf3
- Hubbard on Networking: Learning Python 3
- Hubbard on Networking: The tools on my Ubuntu 18.04 laptop
- Oracle Database Appliance (ODA) Installation, Configuration and Deployment Steps – Talip Hakan Ozturk's ORACLE BLOG
- Web and Podcast – We are OSINTCurio.us
- opatch lsinventory – Talip Hakan Ozturk's ORACLE BLOG
- Top 10 Things to Do After Installing Kali Linux « Null Byte :: WonderHowTo
- What’s new in ESXi 6.5 Storage Part I: UNMAP | Cody Hosterman
- Hubbard on Networking: Enabling TLS 1.1/1.2 for RDP in Microsoft Server 2008R2/Windows 7 SP1
- Setting the Standard for CVE - Lawfare
- Cimpanu: The US Govt Accountability Office recommends the US adopt GDPR-like privacy legislation @ AskWoody
- AWS Nitro System – Perspectives
- Data Breaches: What Do the Numbers Mean?
- Windows Firewall Post Exploitation with Netsh
- Upgrading / Migrating from vSphere 5.x to 6.x (6.5 , 6.7) best practices & Approach – Siva Sankar Blogs
- The Rise of the Corporate Technology Ecosystem (CTE) | Daniel Miessler
- DLA_Briefing_Template_as_of_10252017 - C151_CyberSecurity.pdf
- Brian Pippert
- SSL/TLS: How to choose your cipher suite - AMIS Oracle and Java Blog
- https://www.ryanfrantz.com/posts/when-does-an-investigation-end.html
- https://www.ryanfrantz.com/posts/architecture-reviews.html
- How to read fiction to build a startup | TechCrunch
- How to build a WiFi picture frame with a Raspberry Pi | Opensource.com
- DCOMrade - Powershell Script For Enumerating Vulnerable DCOM Applications - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- DCOMrade
- Lacking Medical Device Security Puts Everyone at Risk - Security Boulevard
- Introducing Zombie POODLE and GOLDENDOODLE
- Do You Have Security Champions in Your Company? A 6-Step Checklist for a Successful Program
- What is Security+ (Plus)? | TechRoots
- Federal PKI Security Challenges: Extending IDaaS with Certificate as a Service - Security Boulevard
- Beyond Tor: Examining the Uncharted Corners of the Dark Web - Security Boulevard
- The Costs of Cyberattacks Are Real | Radware Blog
- SSL/TLS Attacks, Part 3: Who’s at Risk from Compromised Digital Certificates? - Security Boulevard
- Zero Day Initiative — The February 2019 Security Update Review
- Windows Incident Response: Review: Tribe of Hackers
- Germany makes its cyber capabilities available for NATO allianceSecurity Affairs
- What, No Expense Account? My RSA 2019 Itinerary | Thom Langford
- Getting started with Linux Containers on Windows Server 2019 - Ben Thomas' Blog
- Update now! Microsoft and Adobe’s February 2019 Patch Tuesday is here – Naked Security
- Network Segmentation in the Zero Trust Era | Security Architects Partners
- Cyberinsurance and Acts of War - Schneier on Security
- The Complicated Economy of Open Source Software
- Step 5. Set up mobile device management: top 10 actions to secure your environment - Microsoft Secure
- Kaboom - Automatic Pentest - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Inside a GandCrab targeted ransomware attack on a hospital – Naked Security
- A comprehensive survey on graph neural networks | the morning paper
- Poka Yoke in Manufacturing - The Automation Blog
- Notes from OWASP Helsinki chapter meeting 36 – Rule of Tech
- The 5 Most Important Typography Terms, Explained
- .NET Framework February 2019 Security and Quality Rollup | .NET Blog
- HIMSS19: The Cybersecurity Obstacles, Opportunities Ahead
- Web Scraping Boilerplate: Everything You Need to Start Your New Python Scraping Project (Batteries Included)
- NIST Risk Management Framework Webcast: A Flexible Methodology to Manage Information Security and Privacy Risk | NIST
- How to improve your cyber resilience - IT Governance Blog
- Tech Refresh as Part of an Effective Vulnerability Management Program: Part Two - Delta Risk
- What CEOs Need to Know About the Future of Cybersecurity
- Toyota Prepping 'PASTA' for its GitHub Debut
- PASTA (Portable Automotive Security Testbed with Adaptability)
- Lessons Learned from a Hard-Hitting Security Review
- Jaspreet Singh
- Securing Clients SAP S4HANA Netweaver ABAP | Onapsis
- Getting PowerShell Empire Past Windows Defender - Black Hills Information Security
- Microsoft updates its schedule for SHA-2 ‘critical’ Win7 update, now due in March @ AskWoody
- ESXi: Slow Disk Performance on HPE Gen8 | Windows OS Hub
- AMP RJ-45 vs WE/SS (Regular) RJ-45 Plugs | Matt's Tech Pages
- Blockchain and Trust - Schneier on Security
- How To Migrate Shares and Files with ease by using Microsoft Storage Migration Service | ESX Virtualization
- Top 10 Critical Skills Every vSphere System Administrator Should Know
- ipmitool | panticz.de
- Load Testing Web Servers with Siege Benchmarking Tool
- Three stages of risk-based vulnerability management: Crawl, Walk, Run
- OpenJDK projects you should know about - Panama
- The Final Version of the EU's Copyright Directive Is the Worst One Yet | Electronic Frontier Foundation
- Programming Management & Leadership Books | b3n.org
- APM in a Digital World - Part 3 | APMdigest - Application Performance Management
- Microsoft Patchday: Other Updates February 12, 2019 | Born's Tech and Windows World
- APM in a Digital World - Part 2 | APMdigest - Application Performance Management
- APM in a Digital World - Part 1 | APMdigest - Application Performance Management
- 19c – Laurent Schneider
- Jaffar's (Mr RAC) Oracle blog: Oracle 19c and my favorite list
- Installing and running Oracle Database 19.2.0.0 on Oracle Linux 7 - DBA - Rodrigo Jorge - Oracle Tips and Guides
- It's now 2019, and your Windows DHCP server can be pwned by a packet, IE and Edge by a webpage, and so on • The Register
- Performance Tuning Dojo » ADMIN Magazine
- Cybersecurity Documentation: The Best Defense Is a Good Offense
- The Business of Organised Cybercrime - Security Boulevard
- Save and Invest | Investor.gov
- Five Convergence Solutions to Help Manufacturing Cross the IT-OT Security Schism
- Owning Your Legal Practice's Cybersecurity – MSPs and You
- Enhancing cyber threat protection in Microsoft Office 365 - Security Boulevard
- Why True End-To-End Encryption is Important for Distributed Apps - Security Boulevard
- 2019's Hottest, and Most Bankable, Security Certs - Security Boulevard %
- Five Major Cloud Security Roadblocks and Their Impact on the Enterprise - Security Boulevard
- Introduction to WiFi Security - Security Boulevard
- Quickly Gauge Your Serverless Security Readiness With This Short Quiz
- The Cyber-Risk Paradox: Benefits of New Technologies Bring Hidden Security Risks - Security Boulevard
- Microsoft Patch Tuesday updates for February 2019 fixes IE Zero-DaySecurity Affairs
- Cloud, On-Premises, or Hybrid – What Is the Best HSM Solution for You? - Security Boulevard
- “It is everyone’s business and responsibility” – 40+ Cybersecurity Professionals Share What They Wish Business Leaders Would Understand in Their Own Words - Security Boulevard
- Kubernetes Security Best Practices: From Hosting to Deployment
- Health Data Security: The Most Promising Technologies
- Ron Mehring
- Assessing IoT Risks in Healthcare Environments
- Julia Hesse
- Solving the TLS 1.0 Problem - Security documentation | Microsoft Docs
- Devastating Cyberattack on Email Provider Destroys ...
- Microsoft rolls out healthcare-focused chat features and AI assistants | FierceBiotech
- HIPAA Enforcement Update: Areas of Focus - HealthcareInfoSecurity
- Medical Device Cyber Risk: An Enterprise Problem
- CynergisTek
- Japan Security Analyst Conference 2019 -Part 1- - JPCERT/CC Eyes | JPCERT Coordination Center official Blog
- HIMSS19 ~ Cyber Thoughts
- Who’s Responsible for Your Cyber-Security?
- How to Keep Your Kids Safe on the Internet (10 Actionable Tips)
- No left boundary for Vulnerability Detection | Alexander V. Leonov
- Use Group Policy To Manage Settings for Store Apps | Alexander's Blog
- Unexpected Microphone and Camera Behavior in Windows 10 Settings | Alexander's Blog
- Enterprise IT Moving More Workloads to Cloud in 2019 | APMdigest - Application Performance Management
- Copying Large Files over an Unreliable Network Using BITS and PowerShell | Windows OS Hub
- Integrating Windows Updates into Windows 10 Install Image | Windows OS Hub
- Work Optional by Tanja Hester: An honest review
- Using Azure Site Recovery for Migrations (Part 2) | PeteNetLive
- Using Azure Site Recovery for Migrations | PeteNetLive
- Remove unknown VM image from ESXi |
- Chris's Wiki :: blog/unix/GrepDevNull
- Microsoft analysis: 0-day vulnerabilities the biggest risk | Born's Tech and Windows World
- Patchday: Updates for Windows 7/8.1/Server Feb. 12, 2019 | Born's Tech and Windows World
- 500px reveals 2018 breach that exposed user data
- What's the right amount of swap space for a modern Linux system? | Opensource.com
- Hacking an Oracle Database and How to Prevent It | Integrigy
- oss-sec: CVE-2019-5736: runc container breakout (all versions)
- SS7 Cellular Network Flaw Nobody Wants To Fix Now Being Exploited To Drain Bank Accounts | Techdirt
- Gain Valuable Kubernetes Skills and Certification with Linux Foundation Training | Linux.com | The source for Linux information
- Protecting the Logical Security of a Network Environment - InCyberDefense
- Multiple Factors Are Driving Growth at the CNCF
- One in six American adults now wear a computer on their wrist
- Terence Luk: Using InstallSoftwareRemotely.ps1 to upgrade VMware Horizon View Agent
- InstallSoftwareRemotely.ps1
- Document: Executive Order on Artificial Intelligence - Lawfare
- GDPR: Do your backups spark joy? | Data Protection: Avamar, NetWorker, Data Domain, RecoverPoint, CSM
- Veterans can access their medical info through Apple's Health Records
- Linked - New Research Reveals 6 Ways Leaders May Be Out of Touch With Their Employees
- Lawyers and Cybersecurity in 2019: Trends and Tips - MyCase Blog
- What Is Web Scraping? How to Collect Data From Websites
- Service Fabric Customer Architecture: ZEISS Group – AzureCAT Guidance
- SQL Mysteries: SQL Server Login Timeouts – A Debugging Story – SQL Server According to Bob
- Five lessons we learnt about GDPR in 2018 - Security Boulevard
- A Cybersecurity and Cloud Innovator – and a Great Partner - Security Boulevard
- 15 Hacker Types – The Good, the Bad and the Ugly
- Ransomware Evolution: GandCrab v5.1 New Exploit Kit Distribution and TOR Site Features - Security Boulevard
- Ohio Senate Bill 220 Incentivizes Businesses to Maintain Higher Levels of Cybersecurity - Security Boulevard
- The Perfect Sales Kickoff - Security Boulevard
- How Panorays is Different Than Other Third-Party Risk Management Solutions - Security Boulevard
- Panorays
- The 3 Pillars of the Modern-Day SOC - Security Boulevard
- Customers Blame Companies not Hackers for Data Breaches - Security Boulevard
- Immunizing Your Healthcare Technology Against Cybersecurity Threats - Security Boulevard
- Simplifying Cybersecurity Deployments with Automation - Security Boulevard
- B 00 Doesnt It make You WannaCry Mitigating Ransomware on a Windows Network David Branscome - YouTube
- The Cybersecurity Skills Gap: The Defining Skills Shortage of Our Age - Security Boulevard
- Cloud security infographic: The Facts | Intercity Technology
- How to Monitor File Changes across Windows Servers - Security Boulevard
- Quick Hit: Speeding Up a Slow/Mundane Task with a Little Rcpp | rud.is
- EdGuards - Security for Education
- SSL Attacks, Part 2: Where Can Cybercriminals Access Digital Certificates? | Venafi
- SSL Attacks, Part 1: Why Do Cybercriminals Abuse Digital Certificates? | Venafi
- A Revolutionary Approach to HIPAA Compliance - Security Boulevard
- HIMSS 2019 – Champions of Security Unite – Professionally Evil Insights
- iOS 12.1.4 Patches Three Major Flaws | Avast - Security Boulevard
- Whiskey | Daniel Miessler
- To Understand IoT Security: Look to the Clouds - Security Boulevard
- nDPI - Open Source Deep Packet Inspection Software Toolkit - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Microsoft will make Office Pro Plus GDPR compliant | Born's Tech and Windows World
- 'Grandmother Hypothesis' May Help Explain Why Women Live Past Menopause : Goats and Soda : NPR
- SQL Server Worker Thread Default Calculation – SQL Server According to Bob
- 7 Critical Job Application Mistakes to Avoid (Especially for New Graduates)
- The Best Portable Apps That Require No Installation
- Demystifying Stripe Width in vSAN — ThinkCharles.net
- Tips for writing Vester test files, part 1 | Adventures in a Virtual World
- OpenJDK projects you should know about: Valhalla
- SpeakUp Linux Backdoor targets Linux servers in East Asia and LATAM.Security Affairs
- Reverse RDP Attack - Rogue RDP Server can be used to hack RDP clientsSecurity Affairs
- Data breaches, GDPR lead 54% of companies to increase IT security spending - TechRepublic
- Business continuity in ISMS? - Security Art Work
- InfoSec Handlers Diary Blog - Struts Vulnerability CVE-2017-5638 on VMware vCenter - the Gift that Keeps on Giving
- InfoSec Handlers Diary Blog - UAC is not all that bad really
- Spy Versus Spy: How a Researcher And a Journalist Unmasked an Undercover Agent - Motherboard
- Michael on Security: March Updates on Frameworks & Standards
- Ransomware Victims Who Pay Cough Up $6,733 (on Average)
- Health Data Breach Tally: What’s New? - HealthcareInfoSecurity
- Susan Lucci
- Settlement Reached in Community Health Systems Breach Suit
- HIMSS19: Cybersecurity in the Spotlight - HealthcareInfoSecurity
- EHR Vendor Greenway Gets Hefty Fine for False Claims
- Bolstering the Cybersecurity of Medical Devices
- Chaitanya Srinivasamurthy
- Cottage Health Hit With $3 Million HIPAA Settlement
- Securities Fraud Claims Get Boost From EU Data Privacy Rules
- Let’s talk about IoT device security | NIST
- Wyoming Seeks to Repeal Hospital Privacy Regulation for HIPAA Clarity
- Fnord - Pattern Extractor For Obfuscated Code - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Bincat - Binary Code Static Analyser, With IDA Integration - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Small and Medium Business Security Strategies: Part 5 - Black Hills Information Security
- Small and Medium Business Security Strategies: Part 4 - Black Hills Information Security
- Small and Medium Business Security Strategies: Part 3 - Black Hills Information Security
- Small and Medium Business Security Strategies: Part 2 - Black Hills Information Security
- Small and Medium Business Security Strategies: Part 1 - Black Hills Information Security
- Investigate Suspicious Account Behaviour Using SysmonSearch - JPCERT/CC Eyes | JPCERT Coordination Center official Blog
- Introducing WMIOps - Christopher Truncer's Website
- Make the Time to Fix Your Time Debt | Hackaday
- DSHR's Blog: Cloud For Preservation
- [career] Navigating Your Career | Don Jones®
- Digital Transformation Efforts Hindered by Lack of Collaboration Between IT and Business | APMdigest - Application Performance Management
- Essential System Tools: f3 - detect and fix counterfeit flash storage - LinuxLinks
- Docker - Basics just for me | itsec.siers.ch
- Reusing DHCP config in ISC dhcpd | Lesser-Evil
- Kubernetes - Namespaces - The IT Hollow
- Firing people is always a last resort. | The IT Skeptic
- AD Controls [SHIFT]
- Upgrade a Standalone ESXi Host to ESXi 6.7
- Taking the Azure Data Box Gateway (preview) out for a spin! – Karim Vaes
- 30 Things to Get You Started - Black Hills Information Security
- EyeWitness and Why It Rocks - Black Hills Information Security
- DFIRTrack - The Incident Response Tracking Application - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- GitHub - FortyNorthSecurity/EyeWitness: EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
- Goscan - Interactive Network Scanner - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- RedELK - Easy Deployable Tool For Red Teams Used For Tracking And Alarming About Blue Team Activities As Well As Better Usability In Long Term Operations - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- CANalyzat0r - Security Analysis Toolkit For Proprietary Car Protocols - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Volatility Workbench - A GUI For Volatility Memory Forensics - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Everything you need to know about DPOs under the GDPR - IT Governance Blog
- Bypass Application Whitelisting using Weak Path Rule
- The IT Governance Cyber Resilience Framework: how it works - IT Governance Blog
- Transform your security posture with cyber resilience - IT Governance Blog
- Google Online Security Blog: Open sourcing ClusterFuzz
- New Zombie 'POODLE' Attack Bred From TLS Flaw
- Mitigation upgrade to TLS v1.3
- Australian Parliament Reports Cyberattack on Its Computer Network - The New York Times
- Ransomware Attack Via MSP Locks Customers Out of ...
- Cyber risk management: The disconnect between business, security teams | CSO Online
- David A. Wheeler's Blog
- Certifications Are About Support | The Networking Nerd
- Cisco - Linux - Python: MainPage
- Design for security [LWN.net]
- Dstat - A Resourceful Tool to Monitor Linux Server Performance in Real-Time
- Ansible and FreeIPA Part 2 | Adam Young’s Web Log
- Ansible and FreeIPA Part-1 | Adam Young’s Web Log
- Containers: The Basics - Linux Academy Blog
- ZFS Boot Environments Are Helping To Improve The Resilience Of FreeBSD Upgrades - Phoronix
- Remote Desktop Protocol Riddled With 16 Major Vulnerabilities
- Microsoft and Open Source RDP Clients Are Vulnerable to System Takeover Attacks - WinBuzzer
- Top Hex Editors for Linux
- Disk Encryption for Low-End Hardware | Linux Journal
- A Moment of Truth for Cyber Insurance - Lawfare
- The Funniest Incident Postmortem | Gluster
- A review of all the calendar options in SharePoint and Office 365 - SharePoint Maven
- Successful Founders Share Their Advice for Starting Your Own Business
- Asylo
- 7 Tips For Communicating With the Board
- Report: Over 59,000 GDPR data breach notifications, but only 91 fines | CSO Online
- Open Source LIDAR Lets You Get Down To The Nitty Gritty | Hackaday
- NetLogo for scientific research: Modeling | Opensource.com
- Ubiquiti Discovery Service Exposures Allowing DoS Attacks Explained
- Enterprises Move (Slowly) Toward Stronger Cybersecurity, Research Shows
- Your Money or Your Life - An Interview with Author Vicki Robin | Mad Fientist
- Multiple Ways to Exploiting Windows PC using PowerShell Empire
- New Vulnerabilities Make RDP Risks Far From Remote
- Over 59K Data Breaches Reported in EU Under GDPR
- How to Access the Dark Web Safely and Anonymously
- Information Security | Daniel Miessler
- Ransomware Evolution: GandCrab v5.1 New Exploit Kit Distribution and TOR Site Features
- GandCrab v5.1
- How ADP identifies and reduces third-party risk | CSO Online
- Hard days at work - SysAdmin1138 Expounds
- Julia Reda – Article 13 is back on – and it got worse, not better
- Self-charging pacemakers are powered by patients' heartbeats
- ‘Achieving and Maintaining Cyberspace Superiority’: A Cyber Command and Interagency Legal Conference - Lawfare
- Password Reuse Remains a Barrier to Safer Internet Use, Google Reports
- 5 reasons why you need to embrace Microsoft Flow - SharePoint Maven
- Costs for Windows 7 Extended Security Updates till 2023 | Born's Tech and Windows World
- Windows 10: Microcode Updates February 2019 | Born's Tech and Windows World
- Planning for the future isn't what it used to be | Opensource.com
- UNIX: Building The Most Important OS in the World
- The Mayo Clinic created an online tool for predicting kidney stones
- Developing an Objective, Repeatable Scoring System for a Vulnerability Equities Process - Lawfare
- Big-O Notation Explained | Daniel Miessler
- Michael on Security: Security Maturity Models (Part 1 of 2)
- Avoid these Common Security Misconfigurations - Security Boulevard
- Building a Disk Tower, for all pain and no profit
- BestDuplicator
- Let's Play with Routing - Part 1
- A New Switch for a New Day
- Fwknop - Single Packet Authorization & Port Knocking - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- The Mega-Guide to Trends in 2019 – J.D. Meier's Blog
- Parsing Text with PowerShell (3/3) | PowerShell Team Blog
- oVirt: Open Source Virtualization for the datacenter – Marksei
- What Is a VPN Connection and How Does It Work?
- Now That’s What I Call Crypto: 10 Years of The Best of Bitcoin | Hackaday
- Organize tool box drawers cheap - The Silicon Underground
- How bad is MS08-067? - The Silicon Underground
- MS08-067
- Linux Fu: Easier File Watching | Hackaday
- Hack Your File Hierarchy with Johnny Decimal System (Dewey’s Older Brother) | Hackaday
- The elements of cybersecurity hygiene and secure networks - Part 3
- CISOs must change their outlook or lose their jobs
- “AaronLocker” moved to GitHub – Aaron Margosis' Non-Admin, App-Compat and Sysinternals WebLog
- The case for building expertise to work on US AI policy, and how to do it - 80,000 Hours
- Out-of-Office Messages are a Security Risk - The Lone Sysadmin
- Monitoring Citrix - a vendor overview -
- Configure SCCM Maintenance Windows based on Patch Tuesday
- Automating my TV – Scott Gruby's Blog
- Adding Energy Monitoring to Home Assistant – Scott Gruby's Blog
- Hyper-V VM configuration version supported features - Thomas Maurer
- Cool feature in SMS Trace (Trace32.exe) | 9to5IT
- Thoughts on Azure, OMS & SCOM: Digging through log files? SMS Trace is the way to go!
- WSUS Windows Update Error 0x80244010: Exceeded max server round trips | Windows OS Hub
- 0x80244010
- Ubuntu 18.10 install notes | Nelson's log
- Running Systems » Blog Archive » HA ZFS NFS Storage
- Zero Day Initiative — Of ISOs and Attorneys: Legal Action in Vulnerability Disclosure
- Windows Incident Response: RegRipper
- Building a Cybersecurity Talent Pipeline One Coding Challenge at a Time | Webroot
- Compliance Beyond IRS 1075 and CJIS Audits - Blog | Tenable®
- IRS1075
CJIS
- Cyber (GRU) (II): historical SIGINT - Security Art Work
- Great reference list.
- Aztarna - the open-source scanning tool for vulnerable robotsSecurity Affairs
- Aztarna
- Reading the ENISA Threat Landscape Report 2018Security Affairs
- Can Enterprises execute a GRC Movement?Security Affairs
- Step 4. Set conditional access policies: top 10 actions to secure your environment - Microsoft Secure
- Debbie Seres
- CISO series: Talking cybersecurity with the board of directors - Microsoft Secure
- ADAPT - Tool That Performs Automated Penetration Testing For WebApps - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- CIRTKit - Tools For The Computer Incident Response Team - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- CIRTKit
- Uncle Spufus - A Tool That Automates Mac Address Spoofing - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Pown Recon - A Powerful Target Reconnaissance Framework Powered By Graph Theory - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- LOLBAS - Living Off The Land Binaries And Scripts (LOLBins And LOLScripts) - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- LOLBAS
- List of data breaches and cyber attacks in January 2019 - 1,769,185,063 records leaked - IT Governance Blog
- A 6-step guide to surviving data breaches - IT Governance Blog
- Infosecurity.US - Web Log - OWASP Top Ten IoT 2018
- OWASP: What Are the Top 10 Threats and Why Does It Matter?
- Privacy: Several States Consider New Laws - HealthcareInfoSecurity
- Inside Matrix and Emotet: How They Work, and How to Defend
- New Medical Device Cybersecurity Framework Unveiled
- Kevin McDonald
- Government Spending on Cybersecurity: An Analysis
- Alia Mendonsa
- A CISO on the Value of Endpoint Detection and Response
- Larry Whiteside
- Jenkins Pentest Lab Setup
- xDedic - Marketplace for Hacked RDP Credentials is Taken Down
- Vulnerability Life Cycle and Vulnerability Disclosures | Alexander V. Leonov
- What’s wrong with the Raspberry Pi – Own your bits
- Installing and setting-up JAVA & JBoss 7 Final on CentOS 6 | RoseHosting
- Hardening your HTTP response headers
- How to Mitigate the Java Deserialization Vulnerability in JBoss Application Servers | Synopsys
- The Bash Fingertips: Making Your Own 'Information Centre' | Tux Machines
- Java servers like Jetty, GlassFish and Tomcat | NGINX
- Using ngnix with WildFly - JBoss
- 5 Best Python Frameworks for WebView Testing | Codementor
- Build a network emulator using Libvirt | Open-Source Routing and Network Simulation
- How to Enable Android Enterprise and configure Personal devices with a Work Profile in Microsoft Intune – The ultimate Step-By-Step Guide
- How to Use Docker Containers - Make Tech Easier
- Cornelius' Blog: Governance on demand
- FOSS Project Spotlight: Mender.io, an Open-Source Over-the-Air Software Update Manager for IoT Devices | Linux Journal
- SSL and Weblogic - Remote PSAdmin
- Product Lifecycle Management in the Medical Device Industry - White Paper - lifecycle-mgmt-medical-device-bwp-070013.pdf
- UD_Cybersecurity-Healthcare-2018-conference-agenda.pdf
- Open redirects - the vulnerability class no one but attackers cares about - Steve Tabernacle
- Advisories | CERT NZ
- GitHub - Vulnerator/Vulnerator: The official distribution of the vulnerability parsing utility.
- Let’s Encrypt when your server is behind a firewall and you can’t use DNS Challenge – Diary of an Emacs tragic
- Should There Be More School Policies on Teachers' Social Media Interaction With Students? - Law and Daily Life
- Looking Ahead To 2019 | The Frog Pond of Technology
- How long will Oracle Database 12.2 be supported?
- Dissecting 190115 BP, PSU, RU and RUR - DBA - Rodrigo Jorge - Oracle Tips and Guides
- Azure Automation of A-to-Z, Part I – DBAKevlar
- A Collection of Useful Resources for Web Designers and Programmers
- Data Privacy Year | Linux Journal
- Using EFI/UEFI firmware in a VMware Virtual Mac... |VMware Communities
- Dump LAPS passwords with ldapsearch ·
- Searching LDAP using Nmap’s ldap-search.nse script | Faded Lab
- CA Spectrum Common Access Card Authentication Solution Guide - Spectrum_CAC_Authentication_Guide_ENU.pdf
- DoD CAC Reader | Ubuntu, Derivatives and Linux Mint – CubicleNate's Techpad
- Local Admin Access and Group Policy Don’t Mix - TrustedSec
- Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil …
- Centrify Now Offers Free US Government PIV and Military CAC Support for the Mac | Secure Thinking by Centrify
- CAC Card for DOD/Military : Fedora
- The Risky Business of Cybersecurity
- Connectivity Problems Caused by Issues in SQL Server – SQL Meditation
- Up, up and to the Clouds: Cloud Computing 101 - Security Boulevard
- Parsing Text with PowerShell (2/3) | PowerShell Team Blog
- Parsing Text with PowerShell (1/3) | PowerShell Team Blog
- Migrate a VM from vCenter to Azure | PeteNetLive
- Programming paradigms for dummies: what every programmer should know | the morning paper
- Top 30 Data Recovery Interview Questions and Answers for 2019
- Demystifying the Indian Data Protection Bill, 2018: Part 2 of 3 - Gemalto blog
- Demystifying the India Data Protection Bill, 2018: Part 1 of 3 - Gemalto blog
- New Phobos Ransomware Using Same Ransom Note as Dharma - Security Boulevard
- What Are Common Certificate Validation Flaws? - Security Boulevard
- CVSS: Characterizing and Scoring Vulnerabilities - Security Boulevard
- Benefits of SSH Key Management - Security Boulevard
- Open Source Licenses Explained - Security Boulevard
- The Evolution of Darknets - Security Boulevard
- Healthcare: A Cloud Security Investigation (CSI) - Security Boulevard
- CISO Intro by Jeremiah Grossman - Security Boulevard
- “Cyber Smart” Interview with Bart McDonough - Security Boulevard
- Continuous Monitoring 101
- How To Install and Use RetroArch on Linux - LinuxConfig.org
- Roles and Responsibilities of the Information Security Manager - Security Boulevard
- Windows Registry & Osquery: The Easy Way to Ensure Users are Secured - Security Boulevard
- Serverless And The Evolution In Cloud Security, How FaaS Differs From IaaS - Security Boulevard
- SAP Security Notes 2018: Lessons Learned and a Look to What's Ahead in 2019 - Security Boulevard
- FTW - Framework For Testing WAFs - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Build Cheat Sheets and Share Your Favourites! - Cheatography.com: Cheat Sheets For Every Occasion
- 10 YouTube URL Tricks You Should Know About
- Howto: Docker, Databases, and Dashboards to Deal with Your Data | Hackaday
- Container Jungle: where do I start? Docker, Kubernetes – Marksei
- Ansible, ARA and MariaDB (or MySQL) – The ongoing struggle
- Illinois biometric privacy law passes a key court test
- VIRTIO 1.1 Standard Moving Closer To Release With GPU Device, Better Performance - Phoronix
- DeployHappiness | Master of Science in IT: 1 Year, $5200
- Benchmarking The Current Spectre + Meltdown Performance Overhead For 10 GbE Networking - Phoronix
- Consumer threats down as cybercriminals target business
- Poor integration costs businesses $500,000 a year
- Chris's Wiki :: blog/linux/ServerRebootOnPanics
- Getting Started with Kubernetes - The IT Hollow
- Office 365 down (January 24, 2019)? | Born's Tech and Windows World
- Planner Notifications for Teams – All About I.T.
- Digital IDs said to boost economies, but privacy is at risk - Japan Today
- Prudent Security Admin: Has a New Data Breach Precedent Been Created? - Security Boulevard
- How to Become a Chief Information Security Officer — CyberSpeak Podcast - Security Boulevard
- Study: Hospitals dramatically increase ad spend following data breaches - Security Boulevard
- 5 Ways a CISO Can Tackle the CyberSecurity Skills Shortage Now - Security Boulevard
- 1. Lower the Skill Level
2. Spread the Load For Your Security Professionals
3. Raise Awareness About Cyber Attacks
4. Increase Network Visibility
5. Plan for Tomorrow
- NBlog - the NoticeBored blog: NBlog Jan 23 - infosec policies rarer than breaches
- NBlog - the NoticeBored blog: NBlog Jan 25 - cyber risks in context
- State agency exposes 3TB of data, including FBI info and remote logins – Naked Security
- 2 distinct campaigns delivered GandCrab ransomware and Ursnif TrojanSecurity Affairs
- Collection #1 Data Breach Analysis – Part 2 - by Marco RamilliSecurity Affairs
- “Collection #I” Data Breach Analysis – Part 1 – Marco Ramilli Web Corner
- Jok3R - Network And Web Pentest Framework - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Voice of the Customer: Azure AD helps lululemon enable productivity and security all at once for its employees - Microsoft Secure
- Conpot - An Open Industrial Control Honeypot - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Beebug - A Tool For Checking Exploitability - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Fighting Emotet: lessons from the front line – Naked Security
- The Application Security Team's Framework For Upgrading Legacy Applications
- Sh00T - A Testing Environment for Manual Security Testers - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- What is an ISMS and 8 reasons why you should implement one - IT Governance Blog
- The PCI SSC’s new software security standards – what you need to know - IT Governance Blog
- PCI SSC
- On the 'structural shortcomings' of the GDPR
- Study: Companies with GDPR investments conduct business faster
- Girl Scouts announce new cybersecurity patch
- 5 Malware Trends: Emotet Is Hot, Cryptominers Decline
- Hardware Hacking 101 – Lesson 1: Beauty, Your Home Lab and Basic Electronics - The Ethical Hacker Network
- Government Shutdown: Impact on Health Data Security, Privacy
- Colorado police encrypt *all* their radio communications, frustrating journalists
- Life Under GDPR: Data Breach Cost Unknown - HealthcareInfoSecurity
- Dharma Gang Pushes Phobos Crypto-Locking Ransomware
- Coveware's 2018 Q4 Ransomware Marketplace Report
- Google Hit With $57 Million GDPR Fine in France
- National Data Privacy Day Is Wishful Thinking
- Center for Internet Security releases Microsoft 365 benchmarks | CSO Online
- Looping sssd_nss - Blog dbi services
- VMware Snapshots: Securing Windows RDP Connections with a Signed SSL Certificate
- Landscaping a Secure/Closed Loop Infrastructure in Azure with Terraform & Azure Devops – Karim Vaes
- New – TLS Termination for Network Load Balancers | AWS News Blog
- Home - Freeplane - free mind mapping and knowledge management software
- Top 11 Free Linux DICOM Viewers for Doctors
- Understanding Bash fork() Bomb :(){ :|:& };: code - nixCraft
- GandCrab ransomware and Ursnif virus spreading via MS Word macros
- GandCrab
- Debian GNU/Linux 9.7 "Stretch" Released with Patched APT Package Manager
- Gulp - A Toolkit for Automating Painful Tasks in Development
- Top 5 Vulnerability Scanning Tools – Linux Hint
- Best 10 Free and Open Source Lab Management Systems
- Get started with LogicalDOC, an open source document management system | Opensource.com
- Beware! This Malicious Ransomware Hides As Free Games & Software
- Forget No-Carb. Embrace Slow Carb : The Salt : NPR
- Buddha Bowl - Make Your Own Bowl for any Phase - Chef Dawn Ludwig
- KookBook 0.2.0 available – now manage your cooking recipes better – Blog :: Sune Vuorela
- To upgrade or not to upgrade? That's the question! | The ORACLE-BASE Blog
- Vulnerabilities Found in Highly Popular Firmware for WiFi Chips
- New Android Malware Uses Motion Sensors To Stay Hidden
- The 7 Habits of Highly Effective IT Leaders – J.D. Meier's Blog
- Corporate Best Practices in Security Awareness and Training Programs
- Dan Lohrmann
- The Start of the RHCA Journey | Lisenet.com :: Linux | Security | Networking
- Guinness World Records bets on Office 365 and AWS to boost business expansion
- “It is the IT department’s job to make sure we can respond to the ever-growing changes within our business model, so we can take up new opportunities and move into new markets,” says Rob Howe, IT director at Guinness World Records.
- How to inject custom drivers into an ESXi 4.1 image using vibddi?
- An AnandTech Exclusive: The Jim Keller Interview
- SC Cyber
- 8 Awesome InfoSec and Cybersecurity Blogs of 2018 -
- GitHub - paralax/awesome-cybersecurity-internships: a list of cybersecurity internships
- GitHub - jivoi/awesome-ml-for-cybersecurity: Machine Learning for Cyber Security
- Greek Gluten Free Meatloaf Muffins | Healthy & Easy Freezer Meals
- nVisium
- xsstrike.tk
- GitHub - s0md3v/XSStrike: Most advanced XSS detection suite.
- GitHub - l0ss/Grouper: A PowerShell script for helping to find vulnerable settings in AD Group Policy.
- GitHub - minimaxir/big-list-of-naughty-strings: The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
- Introducing Metta: Uber’s Open Source Tool for Adversarial Simulation
- Xeneta | Ocean Freight Rate Benchmarking Platform
- The State of AI for Sales Enablement, and the Evolution of the CRM | Emerj - Artificial Intelligence Research and Insight
- How To - Use VMware vSphere PowerCLI to patch hosts | 9to5IT
- How to Install latest ESXi VMware Patch - [Guide] | ESX Virtualization
- How to Write a Business Case ― 4 Steps to a Perfect Business Case Template | Workfront
- Security-related Rules
- New cybersecurity guidelines for medical devices | Vantage Asia
- How to Justify a Software Purchase — Step by Step
- SupplyChainBrain - The world's most comprehensive supply chain management information resource.
- Troubleshooting remote syslog reachability · Papertrail log management
- GitHub - trimstray/test-your-sysadmin-skills: A collection of *nix Sysadmin Test Questions and Answers. Test your knowledge and skills in different fields with these Q/A.
- Solaris : How to start syslogd in debug mode – The Geek Diary
- Topic: Cybersecurity - ABA Journal
- How To Centralize Logs with Rsyslog, Logstash, and Elasticsearch on Ubuntu 14.04 | DigitalOcean
- Centralised logging with Rsyslog and Microsoft Azure - Part 1
- x265 transcoding | Nelson's log
- So You Automated Your Coworkers Out of a Job
- OSINT Resources for 2019 – Steve Micallef – Medium
- A Review of my Bug Hunting Journey - My Learning Journey
- HOWTO: Build a Temperature Alert System using a Raspberry Pi – Please Work
- What version of SQL Server do I have? | Mohammed Wasay
- List Domain Admins & Enterprise Admins in a domain | Mohammed Wasay
- Get the list of domain admins and check if they are enabled.
Get-ADGroupMember -Identity "Domain Admins" -Recursive | %{Get-ADUser -Identity $_.distinguishedName} | Select Name, Enabled
1
Get-ADGroupMember -Identity "Domain Admins" -Recursive | %{Get-ADUser -Identity $_.distinguishedName} | Select Name, Enabled
Get the list of enterprise admins and check if they are enabled.
Get-ADGroupMember -Identity "Enterprise Admins" -Recursive | %{Get-ADUser -Identity $_.distinguishedName} | Select Name, Enabled
1
Get-ADGroupMember -Identity "Enterprise Admins" -Recursive | %{Get-ADUser -Identity $_.distinguishedName} | Select Name, Enabled
- Create incremental OVA images using Packer
- Peter Gutmann's Home Page
- Peter Gutmann
- Blue Team Architecture and Analysis - Part 3, Coverage Assessment Map by J Geno - tool, knowledge, procedures
- Blue Team Architecture and Analysis - Part 2, Guide to the Part 1 Document by J Geno - engineering, management, data breaches
- Blue Team Architecture and Analysis - Part 1 by J Geno - time, business, goals
- PowerPoint Creating Conference Posters.pdf - Course_Book_Ppt_TIUD_Conference_Posters10.pdf
- All of Windows Cipher Suites | Mohammed Wasay
- Windows (10 & 2016) Build 1709 & 1803 cannot connect to SMB Shares | Mohammed Wasay
- Oracle to charge for Java Updates & how you can disable them | Mohammed Wasay
- Convert a Dynamic IP to Static | Mohammed Wasay
- Expedition ML4SEC Part - 1: Introduction to machine learning for security professionals - payatu
- Presentations: Billboard science : Naturejobs
- Turning your BMC into a revolving door - zeronights_2018_turning_your_bmc_into_a_revolving_door.pdf
- IoT Security – Part 4 (Bluetooth Low Energy - 101) - payatu
- IoT Security – Part 3 (101 - IoT Top Ten Vulnerabilities) - payatu
- Blog Archives - Page 3 of 4 - payatu
- IoT Security – Part 2 (101 - IoT Attack surface) - payatu
- IoT Security – Part 1 (101 - IoT Introduction and Architecture) - payatu
- RedTeaming from Zero to One - Part 2 - payatu
- RedTeaming from Zero to One - Part 1 - payatu
- Don’t Become a Ransomware Target
- Using Packer to Automate vSphere Template Builds
- Exploiting JNDI Injections in Java | Veracode blog
- vCloudNotes : Information Sharing: How to capture memory dump of a VM from snapshot or suspended state file
- Trusted Ransomware Removal And Data Recovery Experts
- Security Checklist
- North Korean hackers infiltrate Chile's ATM network after Skype job interview | ZDNet
- vCloudNotes : Information Sharing: Intel / AMD processor vulnerability: Meltdown-Spectre and VMware Esxi
- vCloudNotes : Information Sharing: How to reset iLO login password from within ESXi Shell
- Installing the Home Lab – Installing vCenter 5.5 on Windows 2012R2 – Everything-Virtual
- vCloudNotes : Information Sharing: How to Check, Start, Stop or Restart Windows version of vCenter 6.x Services
- HxD - Freeware Hex Editor and Disk Editor | mh-nexus
- Check with Powershell for Meltdown and Spectre #exploit critical vulnerabilities Protection #Meltdown #Spectre #KB4056892 | Robert Smit MVP Blog
- DevopsWiki/README.md at master · Leo-G/DevopsWiki · GitHub
- GitHub - ANSSI-FR/audit-radius: A RADIUS authentication server audit tool
- How to choose the correct Garbage Collector? Java Generational Heap and Garbage Collection explained - Karunsubramanian.com
- What you didn't know about java.lang.OutOfMemory Error! - Karunsubramanian.com
- Why is there a discrepancy between Windows Task manager Memory and Java Heap ? - Karunsubramanian.com
- Building vSphere Templates From Scratch Using Packer and the vSphere API – Green Reed Technology
- Windows 10 and reserved storage | Storage at Microsoft
- History · bibanon/bibanon Wiki · GitHub
- A huge list of Windows log file Event IDs for detecting lateral movement by S. Delano - development, python, script
- Detecting Lateral Movement through Tracking Event Logs
- Raspberrypi as poor man's hardware hacking tool - payatu
- Linux Security Hardening with OpenSCAP and Ansible – clasohm.com
- Splunk vs ELK - Karunsubramanian.com
- What is Docker? An absolute beginner's guide - Karunsubramanian.com
- Unable to Connect RDP: CredSSP Encryption Oracle Remediation | Windows OS Hub
- What is SYN_SENT socket status? - Karunsubramanian.com
- Windows XP Can’t RDP to Windows 10 / Server 2012R2/2016 RDS | Windows OS Hub
- Get Reverse-shell via Windows one-liner
- “Collection #1” Data Breach Analysis – Part 1 - Security AffairsSecurity Affairs
- How running websites has changed in the last two decades (for an Ars IT guru) | Ars Technica
- Fecebook Could Be Slapped With 'Record-Setting' Fine By FTC
- 7 Common Email Security Protocols Explained
- Facebook violated tough new cybersecurity law, says Vietnam – Naked Security
- DevOps and Culture, part 2 – Premier Developer
- DevOps and Culture, part 1 – Premier Developer
- UPnP, Vulnerability As A Feature That Just Won’t Die | Hackaday
- Serious Security: What 2000 years of cryptography can teach us – Naked Security
- Serverless computing: one step forward, two steps back | the morning paper
- The AI cybersecurity impact for IoT - Microsoft Secure
- Nine 2019 Cybersecurity PredictionsSecurity Affairs
- 6 Reasons We Need to Boost Cybersecurity Focus in 2019Security Affairs
- 4 ways to prepare for GDPR and similar privacy regulations - TechRepublic
- Chris's Wiki :: blog/linux/ZFSLicenseTwoViews
- Chris's Wiki :: blog/linux/CPUNumbersNotContiguous
- NFS. Not… Dead… Yet… - krypted.com
- Julia Reda – Designing the future of cybersecurity in Europe
- The challenges of adopting a consistent cybersecurity framework in the insurance industry - Microsoft Secure
- Guide to Developing a National Cybersecurity Strategy—a resource for policymakers to respond to cybersecurity challenges - Microsoft Secure
- RHEL 6 server receiving error mounting CIFS (Windows) share – mount error(112): Host is down | setaOffice
- Running Home Assistant in a Docker container with a Z-Wave USB stick · major.io
- All In with Home Assistant – Scott Gruby's Blog
- 2019 Cloud Predictions - Part 3 | APMdigest - Application Performance Management
- 2019 Cloud Predictions - Part 2 | APMdigest - Application Performance Management
- 2019 Cloud Predictions - Part 1 | APMdigest - Application Performance Management
- Virtual Machines do not boot after moving from Windows Server 2012 R2 to Windows Server 2019 - American Boffin
- Security in Windows Server 2019 - Security Art Work
- Data Security is a Global Economic Imperative - Blog | Tenable®
- Sitadel - Web Application Security Scanner - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Snyk - CLI And Build-Time Tool To Find & Fix Known Vulnerabilities In Open-Source Dependencies - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Snyk
- Shed - .NET Runtime Inspector - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Faraday v3.5 - Collaborative Penetration Test and Vulnerability Management Platform - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- dnSpy - .NET Debugger And Assembly Editor - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Estimating SOC BudgetRafeeq Rehman – Personal Blog
- Robert Penz Blog » Howto install Bitwarden in a LXC container (e.g. Proxmox)
- The Evil-Twin Framework: A tool for improving WiFi security | Opensource.com
- Behind the Scenes & Under the Carpet – The CenturyLink Network that Powered AWS re:Invent 2018 | AWS News Blog
- Learn Windows PowerShell in a Month of Lunches, Third Edition #BookReview #Powershell #PowerCLI #Scripting #vExpert -
- Terence Luk: Citrix NetScaler CLI command cheat sheet
- Emotet Malware Returns to Work After Holiday Break
- Triton/Trisis Attack Was More Widespread Than ...
- 'We Want IoT Security Regulation,' Say 95% of IT ...
- The Rx for HIPAA Compliance in the Cloud
- PCI Secure Software Standard v1.0 - PCI-Secure-Software-Standard-v1_0.pdf
- PCI Secure Software Standard v1.0 - PCI-Secure-Software-Standard-v1_0.pdf
- 2018's Most Common Vulnerabilities Include Issues ...
- EU copyright laws face uncertain fate after 11 countries reject proposal
- Oracle 19c Released : How does that make you feel? | The ORACLE-BASE Blog
- GDPR Compliance and the Oracle E-Business Suite Revisited | Integrigy
- Winds of change? Winds of mediocrity.
- Vulnerabilities in building access system used by schools, governments | CSO Online
- Summary: The Dichotomy of Leadership | Daniel Miessler
- Kubernetes: List of ports Carnal0wnage - Attack Research Blog Carnal0wnage & Attack Research Blog
- iPhone 11 Plus Wi-Fi 6 Equals Undefined? | The Networking Nerd
- iTWire - Cyber security threats will keep getting worse in 2019: claim
- Home Automation I | Zamir's Board
- CNC milling with open source software | Opensource.com
- Kubernetes security: 4 tips to manage risks | The Enterprisers Project
- Kali Linux 2018 for testing and maintaining Windows security - Wolf Halton and Bo Weaver [Interview] | Packt Hub
- How to Setup DRBD to Replicate Storage on Two CentOS 7 Servers
- Oracle Patches 284 Vulnerabilities in January Critical Patch Update
- AdoptOpenJDK - Open source, prebuilt OpenJDK binaries
- Thank You, John C. Bogle — My Money Blog
- Collection 1 data breach covers more than 772 million email addresses
- Cloud Computing TECHREPORT - 2018 ABA Survey Results | DennisKennedy.Blog
- Introduction to Ubuntu's LXD Containers - Make Tech Easier
- Chart: Stock Market Declines Are More Common Than You Think — My Money Blog
- Ryuk ransomware banks $3.7 million in five months
- Is GDPR Compliance Tougher Than HIPAA Compliance?
- Lessons From Report on Massive Singapore Healthcare Hack
- Government Shutdown: Experts Fear Deep Cybersecurity Impact
- Tom Kellermann
- Patch Tuesday, January 2019 Edition — Krebs on Security
- Ransomware Attacks: The Data Integrity Issues
- The 2019 Health Data Privacy Regulatory Outlook
- Cyber resilience and the GDPR - IT Governance Blog
- ITIL 4: What you need to know about the 2019 ITIL update - IT Governance Blog
- 2018 in Cybersecurity Review: What Happened and What the Future Brings (Part 2) 2018 in Cybersecurity Review: What Happened and What the Future Brings (Part 2)
- SMB Penetration Testing (Port 445)
- Windows Applocker Policy - A Beginner’s Guide
- How To Change E1000 into VMXNET3 without changing a MAC address | ESX Virtualization
- From Encrypting the Web to Encrypting the Net: A Technical Deep Dive on Using Certbot to Secure your Mailserver | Electronic Frontier Foundation
- OpenMediaVault – Good Times With mdadm | PenguinPunk.net
- January 2019 patchday issues | Born's Tech and Windows World
- Humana Breaches Reflect Chronic Credential Theft in ...
- Who Takes Responsibility for Cyberattacks in the Cloud?
- What’s wrong with patch-based Vulnerability Management checks? | Alexander V. Leonov
- Blowing the Dust off of an IBM AS/400 Server | Hackaday
- Resolving Microsoft SQL Server Error 4064 with PowerShell – Mike F Robbins
- The Biggest Storage Trends of 2019 | Architecting IT
- What Makes IoT A Security Risk? | The Networking Nerd
- Configuring TACACS+ Server on Ubuntu 14.04LTS – Keeran's Blog
- CLOS Topology
- Firewall Ruleset Automation with CI Pipeline « ipSpace.net blog
- How to configure Windows 10 in Kiosk Single App, full-screen mode
- Just one more esxi-guy: The D.C.L.I. (Datacenter CLI)
- Stanford uploads 111 lectures by Donald Knuth. – Virtually Fun
- Taking a look at AutoDeploy in vSphere 6.5
- Tiger - The Unix Security Audit and Intrusion Detection Tool
- Tiger - The UNIX Security audit and intrusion detection tool
- How to Set Up a Local DNS Resolver on Ubuntu 18.04, 16.04 with BIND9 - LinuxBabe
- Am I financially independent? (And does it matter?)
- CVE Vulnerabilities: All You Ever Wanted to Know About
- Top Ways to Get ROI From Your AppSec Program - Security Boulevard
- Kubernetes: Master Post Carnal0wnage - Attack Research Blog Carnal0wnage & Attack Research Blog
- Top 5 things SMBs should consider when evaluating a cybersecurity strategy | Webroot
- All About the Hotspot Honeypots - Security Boulevard
- How to data breaches happen - Security Boulevard
- Sometimes A Vulnerability Isn’t So Vulnerable
- pfSense VLANs on Proxmox - Linux Included
- SSHGuard settings on pfSense - Linux Included
- Healthcare Continues to Be Prime Target for Cyber Attacks
- SlackPirate - The Slack Enumeration and Extraction Tool - emtunc's Blog
- Using Ansible to bring up a three node Patroni cluster in minutes - Blog dbi services
- GitHub - danluu/post-mortems: A collection of postmortems. Sorry for the delay in merging PRs!
- Reading postmortems
- Verizon FiOS – ICMP Traceroute Issues
- Too much disk IO on sda in RAID10 setup | blog.windfluechter.net
- How to be More Productive by Using the “Eisenhower Box”
- GDPR Myth #1: Fine of 4% of global turnover for your first GDPR offence | VinciWorks Blog
- Senators Demand Voting Machine Vendor Explain Why It Dismisses Researchers Prodding Its Devices
- Displaying IP Info on Console with Netplan – Fixing IT
- Julia Reda – In January, the EU starts running Bug Bounties on Free and Open Source Software
- TheHive Project – Open Source, Free and Scalable Cyber Threat Intelligence & Security Incident Response Solutions
- Tesla Model 3 known good accessories | TinkerTry IT @ Home
- PRETty - "PRinter Exploitation Toolkit" LAN Automation Tool - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Tesla Model 3 replacing my 13 year old Honda Civic Hybrid, let's see how that goes. So far, so good! | TinkerTry IT @ Home
- 7 Habits of a Highly Effective CISO: 2019 Data Security Resolutions - Data Security Blog | Thales eSecurity
- Docker Security Tips & Best Practices – Threat Stack
- Healthcare IT Continues to Struggle with Backup Strategies - Security Boulevard
- 9 Benefits of ISO 27001 Certification (Some You Know, Some You Probably Don’t) | Pivot Point Security
- Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack — Krebs on Security
- MISP - Malware Information Sharing Platform and Threat Sharing - The Open Source Threat Intelligence Platform
- The Docker Bench For Security - A Script That Checks For Dozens Of Common Best-Practices Around Deploying Docker Containers In Production - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- XSRFProbe - The Prime Cross Site Request Forgery Audit And Exploitation Toolkit - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- The 4 stages of cyber resilience - IT Governance Blog
- The End (of 2018) Is Near: Looking Back for Optimism
- New Year’s Resolution for 2019: Cybersecurity Must Be the Top Priority for the Board
- New cybersecurity rules take effect in South Carolina
- Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients - HICP-Main-508.pdf
- Analyzing the Portuguese DPA's first GDPR fine
- Marriott Provides Update on Starwood Database Security Incident
- 25 Years Later: Looking Back at the First Great ...
- 2018 Health Data Breach Tally: An Analysis - HealthcareInfoSecurity
- Do not look for Cheap Black Friday Deal Testing - EvilTester.com
- The Difference Between Security and Privacy | Daniel Miessler
- Major US newspapers crippled by Ryuk ransomware attack | CSO Online
- Japan seeks cyberattacks to be in scope of security treaty with U.S. - Japan Today
- Why Automation Matters : Consistent Test Environments | The ORACLE-BASE Blog
- Easy PXE boot testing with only HTTP using iPXE and libvirt
- 10 ways to use OneNote for Project Management - SharePoint Maven
- Extend the evaluation period of Windows Server 2012/2016 and 2019 - ivobeerens.nl
- Recognizing Vendor Risks to National Security in the CFIUS Process - Lawfare
- How the Boston Children’s Hospital Is Innovating on Top of an Open Cloud
- 7 Nginx Rewrite Rule Examples with Reg-Ex and Flags
- The Developer Coefficient
- Yammer Seen Counts for Conversations – All About I.T.
- The two most important ways to defend against security threats | CSO Online
- Introduction to Cryptography Basic Principles
- weblogic - how to change listen port from default 7001 to something different? - Stack Overflow
- How to change the default port of weblogic (7001) (BEA/Weblogic forum at Coderanch)
- 10 Google Docs Tips That Take Seconds and Save You Time
- Launching Rational Cybersecurity for the Business | Security Architects Partners Dan Blum
- Erman Arslan's Oracle Blog: RDBMS -- TLS 1.2 support and issues ORA-29263: HTTP protocol error & ORA-29024: Certificate validation failure
- Erman Arslan's Oracle Blog: Oracle Seminar -- Oracle Technologies and Oracle Products + Oracle Job roles
- Erman Arslan's Oracle Blog: Exadata -- Exadata X3 reimaging problem -- biosbootorder
- Erman Arslan's Oracle Blog: Weblogic -- Performance problem - Forms & Reports environment -- Unable to load performance pack / libmuxer.so
- Change the Listen Port for Weblogic AdminServer #Oracle #IDM #Identity - TUMY | TECH
- Erman Arslan's Oracle Blog: Weblogic -- HACMP Configuration, IP Address Change
- The Finnish Hyperion Guy: Tidy Up WebLogic Server After EPM System Installation
- Vulnerability Management Part 1 I Pivot Point Security
- Yes: Your Law Firm Needs to Do a Business Impact Analysis | Pivot Point Security
- WebLogic AdminServer Port Conflict Remote Running on PC
- Java mon amour: Installing JIRA
- Java mon amour: Jboss CLI, change individual attributes of a security domain without having to remove and add the domain from scratch
- Java mon amour: java showSettings
- Default Port Numbers You Need to Know as an Administrator
- Why Tenable/NESSUS requires full level 15 access for Cisco devices? Don’t need it.
- Security/TLS Configurations - MozillaWiki
- Security/Server Side TLS - MozillaWiki
- Transport Layer Protection Cheat Sheet - OWASP
- Oracle – Got minus one from a read call – How to tackle? | {"code":"java"}
- Come Across: Presenting : Explore and Implement SharePoint Security: Permissions, Identities, and Objects @ NCS SharePoint CoP Group
- Security Update Guide
- CyGraph: Cybersecurity Situational Awareness That’s More Scalable, Flexible & Comprehensive - Neo4j Graph Database Platform
- TDS Endpoints: SQL Server's "Listener" | ColleenMorrow.com
- Private Investigator - Stillinger investigations
- How a U.S. Health Care System Uses 15-Minute Huddles to Keep 23 Hospitals Aligned
- Automotive Cybersecurity
- CDRH’s Medical Device Safety Action Plan – An Aspirational Blueprint for Addressing Medical Device Safety | Health Law | STAT
- Thora A. Johnson
- Active Directory® 101 - JumpCloud
- How to check if your processor supports Virtualization Technology on Ubuntu
- Chris's Wiki :: blog/linux/ZFSFileserverSameness
- Malwarebytes IT Security Predictions 2019 | Born's Tech and Windows World
- Serverless OpenLDAP™ - Security Boulevard
- The Best of Shape Security 2018 - Security Boulevard
- OPTPOLINES - Formerly Relpolines, Lower Overhead To Retpolines For Spectre Mitigation - Phoronix
- Local stratum-1 NTP server
- Ubiquiti Unifi setup
- Touchless health monitoring module works with Raspberry Pi
- Home - ROI-NJ
- MacOS Security Baseline Script – JerryGamblin.com
- Favorite Security Books Of 2018 – JerryGamblin.com
- Welcome to ServerlessSecurity.org! | ServerlessSecurity.org
- Host Websites On Github – JerryGamblin.com
- SQL Server 2014 Service Pack 3 is now Available!!! | SQL Server Release Services
- Adam Shostack's personal homepage
- The Hard Truth About G2A, Kinguin and Grey Market Keys – Locke's Journey
- Understanding the unique Israeli concept of Rosh Gadol (ראש גדול)-updated | Allon Shevat
- News – Joel on Software
- GitHub - cybermaggedon/cyberprobe: Capturing, analysing and responding to cyber attacks
- What Are Cipher Suites? - Security Boulevard
- Jacek Kowalczyk / my-debian · GitLab
- Looking Back at the Top Cyber-Securities Issues of 2018
- Cyber and Technology Resilience: Themes from cross-sector survey 2017 - 2018 - technology-cyber-resilience-questionnaire-cross-sector-report.pdf
- The Life of Kenneth: FCIX - State of the Exchange
- On Thinking About Infrastructure as Code - Scott's Weblog - The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking
- Hilbert’s list | Seth's Blog
- 1. High efficiency, sustainable method for growing sufficient food, including market-shifting replacements for animals as food
2. High efficiency, renewable energy sources and useful batteries (cost, weight, efficiency)
3. Effective approaches to human trafficking
4. Carbon sequestration at scale
5. Breakthrough form for democracy in a digital age
6. Scalable, profitable, sustainable methods for small-scale creators of intellectual property
7. Replacement for the University
8. Useful methods for enhancing, scaling or replacing primary education, particularly literacy
9. Beneficial man/machine interface (post Xerox Parc)
10. Cost efficient housing at scale
11. Useful response to urban congestion
12. Gene therapies for obesity, cancer and chronic degenerative diseases
13. Dramatic leaps of AI interactions with humans
14. Alternatives to paid labor for most humans
15. Successful interactions with intelligent species off Earth
16. Self-cloning of organs for replacement
17. Cultural and nation-state conflict resolution and de-escalation
18. Dramatically new artistic methods for expression
19. Useful enhancements to intellect and mind for individuals
20. Shift in approach to end-of-life suffering and solutions for pain
21. Enhanced peer-to-peer communication technologies approaching the feeling of telepathy
22. Transmutation of matter to different elements and structures
23. Off-planet outposts
It’s going to get interesting. Especially if we can imagine it.
- Cybersecurity and Insurance | Hackaday
- Patch Lady – vendors start to shut the doors on Windows 7 @ AskWoody
- Find Windows 10 Upgrade Blockers with PowerShell – smsagent
- FYI: End of Support for Windows 7, SQL-Server 2008 and more | Born's Tech and Windows World
- Effective Mental Models for Code and Systems – Cindy Sridharan – Medium
- The Art of Vacuum Tube Fabrication | Hackaday
- configuring_ssl_for_oracle_client_with_cac_using_mcs_3.pdf
- GitHub - pmdba/plsql-pii-scanner: An example of a method for scanning the Oracle data dictionary for potential PII data and automating specific responses, such as encrypting of columns or alerting the DBA, when new data is found.
- Finding And Fixing Node.js Memory Leaks: A Practical Guide | eknori.de
- Firejail - Securely Run Untrusted Applications in Linux
- I Hunt Sys Admins - The Intercept
- How China’s Elite APT10 Hackers Stole the World’s Secrets | WIRED
- How To Organize Your Income And Expenses
- How VMware Certifications changed my life -
- Getting started with chaos engineering | Opensource.com
- Chris's Wiki :: blog/linux/ZFSFileserverSetupIII
- Creating a useful spec | Seth's Blog
- NASA Astronomer Nancy Grace Roman, 'Mother' Of Hubble Space Telescope, Is Dead : NPR
- PostgreSQL-Diagnostic-Queries – DB-Tune
- Hackers Attack IPMI Default Passwords to Deploy Ransomware On Linux Servers - Latest Hacking News
- EU offers bounties to help find security flaws in open source tools
- Malware stalls delivery of LA Times and other major US newspapers
- Linux ip Command Examples - nixCraft
- Azure in the Government of Canada - Eric’s Azure Blog
- Penetration Testing on Group Policy Preferences
- From Encrypting the Web to Encrypting the Net: 2018 Year in Review | Electronic Frontier Foundation
- Side-Channel Vulnerability Variants 3a and 4 - Spectre and Meltdown - blackMORE Ops
- Building a PowerShell Process Memory Tool • The Lonely Administrator
- How to add network driver to Windows 10 PE | Marco Franssen
- Put your ssh experience in Windows on Steroids | Marco Franssen
- DSHR's Blog: Securing The Hardware Supply Chain
- Top 5 Cybersecurity Priorities for 2019: Ponemon Study - Blog | Tenable®
- Healthcare Data Breaches Associated with 64% Increase in Advertising Expenditures - Security Boulevard
- Top 30 Chief Information Security Officer (CISO) Interview Questions and Answers for 2018
- Top 30 Chief Information Security Officer (CISO) Interview Questions and Answers for 2018 - Security Boulevard
- Healthcare Cybersecurity in 2019: The Time is Now - Security Boulevard
- Top 20 Most Popular Hacking Tools in 2018 - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Improving DNS logging, dnstap on Ubuntu - Koen Van Impe - vanimpe.eu
- Data Sanitization 5.3 release | OPSWAT
- The Year of the GDPR: 2018’s Most Famous Privacy Regulation in Review | Electronic Frontier Foundation
- Blog Exploits on the Rise | Onapsis
- Selenium IDE Tactical or Strategic? - Evil Tester - Technical Testing with Skill, Attitude and Pragmatism
- Looking Back: 2018 Project Report Card - Scott's Weblog - The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking
- An Internet Outage Could Kick In WannaCry Ransomware Again
- The elements of cybersecurity hygiene and secure networks -- Part 2
- The elements of cybersecurity hygiene and secure networks -- Part 1
- Cuckoo – Sandboxed Malware Analysis – ls /blog
- Chris's Wiki :: blog/sysadmin/MetricsAndUnderstandingMore
- The Best Maker YouTube Channels | Cool Tools
- Intel 5500 chipset heatsink tuning
- Smokeping – network latency monitor with Raspberry Pi – Alexander's Blog
- Context: Your Super-Weapon in Vulnerability Management? - Security Boulevard
- Industrial Control Systems Healthcheck | Mandiant | FireEye
- PCI Pal and Verizon White Paper Examines PCI Security Compliance in Contact Centre Environments - Security Boulevard
- Apache Struts Vulnerabilities vs Spring Vulnerabilities — One of these popular open source projects might be riskier than the other - Security Boulevard
- Defense in Depth: 4 Essential Layers of ICS Security
- AWS Lambda Security Quick-Start Guide
- Secure & Compliant Payment Solutions for Contact Centres | PCI Pal
- OWASP Top 10 Security Risks – Part II - Security Boulevard
- Software Monitoring for NERC CIP Compliance: Part 1
- Continuous Monitoring : Academic Paper - Security Boulevard
- OWASP Top 10 Vulnerabilities List — You’re Probably Using It Wrong
- A Brief Introduction to the OpenVAS Vulnerability Scanner
- Tis the Season to Check your SSL/TLS Cipher List Thrice (RCurl/curl/openssl) - Security Boulevard
- Cybersecurity is Increasingly Important for M&A Dealmakers - Security Boulevard
- PIPEDA & MDR: Breaches, Reporting and Advice
- Shared responsibility model: Who owns cloud security? - Security Boulevard
- RACI matrix in ISO 27001 implementation – How to use it?
- Negative Impact of Incorrect CSP Implementations - Security Boulevard
- Future Crimes by Marc Goodman (Book Summary) - Security Boulevard
- 37% of Ransomware Attacks Targeted Healthcare Organizations in Q3, Cyber Insurer Says - Security Boulevard
- PIPEDA Best Practices Achieved with MDR - Part 2 - Security Boulevard
- PIPEDA Best Practices Achieved with MDR - Security Boulevard
- Achieve CIS Compliance in Cloud, Container and DevOps Environments
- FreeRADIUS for MSPs - Security Boulevard
- Ten Ways Your Healthcare Org May Be Violating HIPAA - Security Boulevard
- 36 Best Business Books that Changed Microsoft Leaders’ Lives – J.D. Meier's Blog
- How I Became A Believer In Consuming IT Security As A Service - Security Boulevard
- 5 lessons public wi-fi can teach us about cybersecurity - Security Boulevard
- Apache Struts Vulnerabilities Burden Us With a ‘Stay or Go’ Deliberation - Security Boulevard
- A Little Guide to SMB Enumeration
- NHS is still assessing the cost of WannaCry one year laterSecurity Affairs
- CompTIA A+ Renewal Process - Security Boulevard
- Security Vulnerability in Internet-Connected Construction Cranes - Schneier on Security
- How to Enable HTTP/2 in Nginx
- Spectre mitigation guts Linux 4.20 performance – Naked Security
- InfoSec Handlers Diary Blog - Restricting PowerShell Capabilities with NetSh
- Pedagogic-cybersecurity-framework.pdf
- 6 years of Raspberry Pi in video | Opensource.com
- stoQ - An Open Source Framework For Enterprise Level Automated Analysis - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Keyfinder - A Tool For Finding And Analyzing Private (And Public) Key Files, Including Support For Android APK Files - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- 6 Ways to Anger Attackers on Your Network
- Reddit helps admin solve mystery of rogue Raspberry Pi – Naked Security
- Why a Helium Leak Disabled Every iPhone in a Medical Facility - Motherboard
- ꓘamerka — Build interactive map of cameras from Shodan
- Here's How Easy It Is to Make Your Own IMSI-Catcher
- Libvirt Fencing on a Physical KVM Host | Lisenet.com :: Linux | Security | Networking
- Yubico Security Key Review (The complete edition)
- SQLiScanner - Automatic SQL Injection With Charles And Sqlmap API - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Understanding the 7 different types of data breaches - Security Boulevard
- Voice of the Customer: The Walsh Group found that Azure Active Directory gives them a competitive edge - Security Boulevard
- Star WannaCry victim NHS to ban fax machines by 2020 - Security Boulevard
- New NIST TLS Management Guidelines for InfoSec [Expert Advice] - Security Boulevard
- New NIST TLS Management Guidelines for InfoSec [Expert Advice] - Security Boulevard
- Notes on Build Hardening - Security Boulevard
- 5 Key Components Every Company Should Have in Their Privacy Policy - Security Boulevard
- The Top 5 Third-Party Cyber Gaps of 2018 - Security Boulevard
- Ahead of the Curve: University Incident Response Plans and Communications - Security Boulevard
- OWASP 'ServerlessGoat': A Vulnerable Demo Serverless Application - Security Boulevard
- The Year Ahead: Cybersecurity Trends To Look Out for In 2019 - Security Boulevard
- What’s the Problem with SMB 1, and Should You Worry About SMB 2 and 3? - Security Boulevard
- Why TLS 1.3 is a Huge Improvement - Security Boulevard
- Strategic Ways to Add Value to Your IT Consulting Business
- Beyond Scanning: Don’t Let AppSec Ignorance Become Negligence - Security Boulevard
- GUEST ESSAY: Top cybersecurity developments that can be expected to fully play out in 2019 - Security Boulevard
- Want Your R&D Team to Rock? 7 Tips to Help Your Developers Perform Like a Supergroup - Security Boulevard
- Top 30 Supervisory Control and Data Acquisition (SCADA) Technician Interview Questions and Answers for 2019 - Security Boulevard
- 3 Reasons Osquery Should Be On Every Incident Responders Christmas List - Security Boulevard
- Healthcare Cybersecurity in Intensive Care - Security Boulevard
- Flaws and Vulnerabilities and Exploits – Oh My! - Security Boulevard
- 5 tips to secure your supply chain from cyberattacks - TechRepublic
- We Asked 105 Experts What Worries Them Most About the Future - Motherboard
- testssl.sh - Testing TLS/SSL Encryption Anywhere On Any Port - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- XSStrike v3.0 - Most Advanced XSS Detection Suite - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Lynis 2.7.0 - Security Auditing Tool for Unix/Linux Systems - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- CAINE 10.0 - GNU/Linux Live Distribution For Digital Forensics Project, Windows Side Forensics And Incident Response - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- SpiderFoot - The Most Complete OSINT Collection And Reconnaissance Tool - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- DevAudit - Open-source, Cross-Platform, Multi-Purpose Security Auditing Tool - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- CRS - OWASP ModSecurity Core Rule Set - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Jackhammer - One Security Vulnerability Assessment/Management Tool To Solve All The Security Team Problems - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Celerystalk - An Asynchronous Enumeration and Vulnerability Scanner - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- Faraday v3.4 - Collaborative Penetration Test and Vulnerability Management Platform - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
- The 4 phases of a business continuity plan - IT Governance Blog
- List of data breaches and cyber attacks in November 2018 - 251,286,753 records leaked - IT Governance Blog
- How to create a business continuity plan – with free template - IT Governance Blog
- How to build a cyber incident response team - IT Governance Blog
- 7 of the most common cyber attacks you need to prepare for - IT Governance Blog
- Your checklist for responding to and reporting data breaches - IT Governance Blog
- 10 things you must do to become cyber secure - IT Governance Blog
- Your DPO questions answered in an interview with information security experts - IT Governance Blog
- Phishing, Ransomware Attacks Continue to Menace Healthcare
- Why NIST is so popular in Japan
- 7 CI/CD tools for sysadmins | Opensource.com
- Australia's new 'decryption' law and its effect on tech companies worldwide
- HOWTO: Calculate Elapsed Business Hours Using PowerShell – Please Work
- Network UPS Tools | Calvin Bui
- VMware vSphere Security - Getting Started Hands-on Lab
- People First – The Frequently Overlooked Importance of Culture Change in DevOps Journeys – Premier Developer
- Colorado Embraces New IT Security Philosophy
- Zero Trust part 1: Identity and access management - Microsoft Secure
- StarWind rPerf free tool • Nolabnoparty
- HTTP vs HTTPS – lakkireddymadhu
- How protected are you against cyber-attacks? – lakkireddymadhu
- All major browsers drop TLS 1.0 and 1.1 in 2020 – lakkireddymadhu
- How To Set Up Nginx with HTTP/2 Support on Ubuntu 16.04 | DigitalOcean
- HTTP/2 – lakkireddymadhu
- World Computer Security Day – lakkireddymadhu
- How to Find Hidden & Saved Passwords in Windows 10 – lakkireddymadhu
- How to Be Invisible Online (Without Going off the Grid) – lakkireddymadhu
- Visibility vs Results | The ORACLE-BASE Blog
- 10 Cybersecurity Myths – lakkireddymadhu
- Penetration Testing Techniques: Conducting effective recon for enhanced phishing (Office 365 edition) – David Vassallo's Blog
- Find email addresses in seconds • Hunter (Email Hunter)
- HTTP/3 – lakkireddymadhu
- HHS Deputy Secretary Eric Hargan Describes Cyber Initiative
- Analysis: Did Anthem’s Security ‘Certification’ Have Value?
- Health Data Breach Tally: Analyzing the Latest Trends
- Getting Started with Desired State Configuration Resources for VMware - VMware PowerCLI Blog - VMware Blogs
- Medical Devices: The Long Road to Security - HealthcareInfoSecurity
- 5 – 15s DNS lookups on Kubernetes? – Quentin
- Marriott: Data on 500 Million Guests Stolen in 4-Year Breach — Krebs on Security
- Installing metasploitable with vagrant
- What the Marriott Breach Says About Security — Krebs on Security
- HHS Seeks Feedback on Potential HIPAA Changes
- Incident Response: Why a Tabletop Exercise Is Essential
- SlithIR · trailofbits/slither Wiki · GitHub
- Slither – a Solidity static analysis framework | Trail of Bits Blog
- Cybersecurity Trends to Watch Out for in 2019 | Webroot
- Windows Incident Response: Veteran Skillz
- GDPR Compliance: The Role of Vendor Risk Management
- Does HIPAA Need to Be ‘Modernized’? - HealthcareInfoSecurity
- What is a VMware VIB file?
- How to Patch vCenter Server Appliance (VCSA) - [Guide] | ESX Virtualization
- I just setup WireGuard, and I’ll never go back to OpenVPN | Logan Marchione
- Windows Incident Response: Basic Skillz, pt II
- Windows Incident Response: Basic Skillz
- Though 2018 Will Likely Not Surpass 2017 Numbers – Still Significant Year For Breach Activity
- On Pace To Break 20k Mark For Disclosed Vulnerabilities
- Visualise Sysmon Logs and Detect Suspicious Device Behaviour -SysmonSearch- - JPCERT/CC Eyes | JPCERT Coordination Center official Blog
- Visualise Event Logs to Identify Compromised Accounts - LogonTracer - - JPCERT/CC Eyes | JPCERT Coordination Center official Blog
- What Is the OBD-II Port and What Is It Used For?
- 5 Cybersecurity Predictions for 2019
- Cyber Security Lessons from Abroad – Australia’s Essential Eight
- Addressing the CISO’s Key Challenges in 2018 and Beyond with Endpoint Detection and Response
- Multiple Ways To Exploiting HTTP Authentication
- ODA : Free up space on local filesystems - Blog dbi services
- 2018 in cybersecurity: Regrets, we have a few
- How To Install OpenLDAP Server for Centralized Authentication
- Listen to the radio at the Linux terminal | Opensource.com
- Web Proxy Penetration Lab Setup Testing using Squid
- Hack the Box: Jerry Walkthrough
- Comprehensive Guide on Dirbuster Tool
- HTTP Banner Grabbing Beyond The Root - DigiNinja
- Nessus Through SOCKS Through Meterpreter - DigiNinja
- Blog, Integrating GNS3 and VirtualBox - DigiNinja
- Wifi Honey - DigiNinja
- Multiple Ways to Exploit Tomcat Manager
- Thanos: long-term storage for your Prometheus Metrics on OpenShift – Red Hat OpenShift Blog
- FAIRCON Showcases Quantitative Risk Analysis on the Cusp of Adoption | Security Architects Partners
- How to Establish a Security Culture | Security Architects Partners
- Securezoo Articles
- Routes-apply.sh - Safely apply routes and revert on error | Sebastian Neef - 0day.work
- Is It Time to Start a PSIRT? Why Your CSIRT May Not Be Enough
- Here are the most common cyber security threats that occur in the healthcare sector
- 2018 in Cybersecurity Review: What Happened and What the Future Brings (Part 1)
- 7 Ways an Old Tool Still Teaches New Lessons About ...
- 9 Traits of A Strong Infosec Resume
- 7 Free (or Cheap) Ways to Increase Your ...
- 6 Python and containers videos worth watching | Opensource.com
- Patching the vCenter Server Appliance (VCSA) using the REST API
- Dream of augmented humans endures, despite skeptics - Japan Today
- How To Install IIS In Windows Server 2019 - RootUsers
- How To Enable Remote Desktop In Windows Server 2019 - RootUsers
- U.S. GAO - Information Security: Significant Progress Made, but CDC Needs to Take Further Action to Resolve Control Deficiencies and Improve Its Program
- DSHR's Blog: Securing The Software Supply Chain
- U.S. GAO - Federal Building Security: Actions Needed to Help Achieve Vision for Secure, Interoperable Physical Access Control
- U.S. GAO - Information Security: Agencies Need to Improve Implementation of Federal Approach to Securing Systems and Protecting against Intrusions
- SQL Server Linux: fsync and Buffered I/O – SQL Server According to Bob
- SQL Server On Linux: Forced Unit Access (Fua) Internals – SQL Server According to Bob
- How to become an AWS expert | AWS News Blog
- Serverless and startups, the beginning of a beautiful friendship | AWS News Blog
- ESXi 6.5.0 fails to boot with Error loading /a.b00 – Virtually Sober
- How to Enable TLS 1.3 in Nginx
- Security operations activities to watch in 2019 | CSO Online
- The Difference Between a Penetration Test and a Red Team Engagement | Daniel Miessler
- Automating a DevOps-Friendly Security Policy
- A Container Hacker’s Guide to Living Off of the Land – Professionally Evil Insights
- Measuring container security [LWN.net]
- Security Considerations for Container Runtimes - RHD Blog
- Deploying SQL Server on K8s with Helm charts
- Virtual Patching or Good Security Design instead?
- A checklist for overcoming life and career setbacks - 80,000 Hours
- A year's worth of education for under a dollar and other 'best buys' in development, from the UK aid agency's Chief Economist - 80,000 Hours
- Response: A Chief Security Concern for Executive Teams - EtherealMind
- Zen of Routing Protocols « ipSpace.net blog
- Red Hat Global Customer Tech Outlook 2019: Automation, cloud, & security lead funding priorities
- A Chief Security Concern for Executive Teams — Krebs on Security
- 5 Dedicated Server Security Vulnerabilities and How to Troubleshoot Them – ThisHosting.Rocks
- HardenedBSD 12 Released With Jailed Bhyve, Disables SMT By Default - Phoronix
- Closing the Global Cyber Enforcement Gap - Lawfare
- NASA discloses October security breach
- The US ballistic missile system is a cybersecurity nightmare
- Errata Security: Masscan as a lesson in TCP/IP